Recent Changes - Search:

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Install and customize a nice Ubuntu desktop

by Ralph Green, Jr,

VP of

Ubuntu is currently the most popular Linux distro. I hope to accomplish two things with this article. First, I will describe the install process the way I do it. This may help people who want to try Ubuntu and want to install it in a way that keeps their drives private. In the second part, I’ll show you a number of ways I customize Ubuntu to make it safer and more pleasant to use.

Phase 1, install Ubuntu

To install Ubuntu, There are two main ways to install Ubuntu. Most people do it using a live CD, which boots up and runs without installing anything. This Live CD has an installer you can run to put Ubuntu on your hard disk. There is also an alternate installer, which is taken from debian. It is a text based installer that does not come up as a Live CD, so lets you try Ubuntu without installing. The alternate installer gives you a desktop with the same user desktop, linux kernel and tools as the normal installer, but just uses a different process to install Ubuntu. I almost always use the alternate installer.

On a few computers, the regular live installer has trouble, and the alternate installer may work better for you. That is how I first discovered it. The alternate installer has more options than the live installer and I have come to appreciate some of those differences. To get the alternate installer, open your web browser and go to: This takes you to a “random” web server where the CD images are available. The servers are not really random, but the load is distributed among servers by picking a random entry from Ubuntu’s list of approved mirror sites. Choose the version number you want.

At the time I wrote this, the current version was 11.04. That choice will take you to a web page where you get the actual CD image, where I chose the file named ubuntu-11.04-alternate-i386.iso. That name tells you it is the alternate installer version 11.04 of Ubuntu for the i386 architecture.

As a side note, let me comment that the file name above is slightly misleading. Ubuntu follows the debian naming conventions for architectures, but chooses their own compiler settings. So, while you typically think of the “i386” as signifying-a 32 bit Intel-compatible CPU(386 or higher), 11.04 actually requires 686 chips or higher. I have installed Ubuntu versions 10.04 and earlier on 486 chips. But beginning with version 10.10, in order to get some extra speed, the Ubuntu project started compiling the system with options that required more recent, higher-powered CPUs. Specifically, they started using the CMOV instruction. Even debian has since dropped support for 386 chips and now requires 486 CPUs or higher, yet they still call the architecture “i386”.

On some installation steps below, I will provide some comments. Some steps are so obvious that there is not much I can really say. For instance, your system should be connected to the network when you start the install. True, it is possible to install without a network connection, but you don’t get all the updates that way. We install on computers downtown at First Saturday with no network connection, so have experienced that restriction.

My install steps assume that the only operating system on the computer will be Linux. While I often setup dual boot computers, I’m skipping that part here to simplify these instructions. But, if you need dual boot, be very careful or you may wipe out your other operating system. Come to our 3rd Saturday Linux meeting and ask questions if you need more guidance there.

There is a security weakness in my setup that I am working to resolve, and while I do not believe this is a big problem, you should be aware of the vulnerability. The boot filesystem is unprotected, so someone could theoretically borrow your laptop and install a keylogger there. Later, they could borrow your machine again and see what that passphrase is. To address this weakness, I plan to add monitoring of a few key files to detect whether they have changed from a known good state. But since I don’t have that process where it is simple to explain, I will postpone that topic for a future article. This weakness is not one that most people would ever be concerned with, but you have to decide for yourself.

Below, I am going through the options that I use. I am not saying English is the only language to use or that any of my options are the only way. I am an English speaker living in the central United States and these options work well for me and members of my local computer user’s group.

If you have never installed Linux before, I suggest following these instructions fairly closely. Try it a few times on an old machine and gain confidence in the process. Then, vary it to better suit your own needs.

Steps to install Ubuntu using the alternate installer

  1. Ensure your computer is set to boot from the CD drive, then boot using the alternate installer CD.
  2. Choose English. While this choice indicates the language the installer will use, it does not set the language the installed system will have.
  3. Choose Install.
  4. Choose the language to be used for the installation process, in this case English. This will determine the language to use for the installed system.
  5. Select your location (Choose United States).
  6. Configure the keyboard. Choosing No will allow you to manually set the keyboard layout. If you want to experiment, try Yes, but it will take you more time.
  7. Configure the keyboard. Choosing USA will indicate the language layout of your keyboard.
  8. Configure the keyboard. Choosing USA indicates the key arrangement of your keyboard.
  9. Please enter the hostname for this system. Type the name you want for this computer. The default is ubuntu, but how many machines out there already have that name. Name it after your favorite vacation spot, or dog breed or something. I have a bunch of machines running Ubuntu, and I have to give them unique names to tell them apart on the network.
  10. Configure the clock by choosing Yes. If you have a network connection, the installer tries to figure out what time zone you were in, and it is usually right. But if you don’t have a network connection, you will have to set the time zone manually.
  11. Partition disks. Choosing Manual says you are going to assign drive partitions yourself and not use the system defaults. This option is the primary reason we want to use the alternate installer.

    Now, let me explain the philosophy of how I setup the disk drive. I am making this a little simpler than I normally use, but this is a pretty good working setup.

    I will create three partitions. The first will be small and only contain the files needed to start the system booting. The second will contain an encrypted swap file. The third will contain an encrypted filesystem with most of our files. So if anyone gets your computer, they can only see a few files, unless you give them the passphrase. Those few files are in the /boot directory and don’t include any of your personal data.

    The encryption is good enough that I don’t think that even the government could read the disk at this moment. But, they might hold onto it and find a way to read it in the future.
    1. Scroll down to the hard disk and press enter. You will be asked if you want to create an empty partition table and you should choose Yes.
    2. Scroll down to the free space and press enter. Select “Create a new partition”, then type in the size of the boot partition. Make it small since not much goes there, but if you make it too small, you will have problems updating your operating system in the future. I usually make it .3 GB to .5 GB.
    3. Make it a Primary partition, and locate it at the Beginning of the disk. The Use As field sets the type of filesystem we want -- make it an EXT2 filesystem since we don’t need journaling for the boot partition, which is what EXT3 or EXT4 would add. A FAT filesystem would also be bad because of the way it treats upper and lower case letters in filenames.
    4. Change the Mount point to /boot. Set the Bootable flag to on. Select Done setting up the partition.
    5. Now, scroll down to the free space and press enter. Select “Create a new partition” and type in the size of the swap partition. Make it big enough -- usually .5 GB to 2 GB depending on how large my disk drive is and how much real memory I have. Again, make it a Primary partition, and locate it at the Beginning of the free space.
    6. For Use As, select “physical volume for encryption” and choose “Random key” for encryption key. This means a new random key will be generated every time your system boots up and the swap file will be encrypted with it. Since we don’t need to preserve the data in the swap partition between boots, this will work fine and means that no one can get data from your swap area by reading the disk. Select Done setting up the partition.

      In versions of Ubuntu before 11.04, I used to stop and configure this encrypted swap volume now. The 11.04 installer has a bug and if you try, you won’t be able to encrypt the root partition.
    7. Now, scroll down to the free space and press Enter. Select “Create a new partition”, and type in the size of what will become your root partition. Unless you have a good reason not to, give it the rest of your disk. Make it a Primary partition, and locate it at the Beginning of the free space.

      For Use As, select “physical volume for encryption”, and choose “Passphrase” for encryption key. We need to always be able to read and write this partition, so choose a good passphrase and remember it or write it down (just not on the computer). If you chose a decent passphrase and then forget this passphrase, don’t expect to ever recover the data on this hard drive. Someday, breaking this encryption may be possible, but, it won’t be any time soon.
    8. Select Done, setting up the partition. Scroll up to “Configure encrypted volumes” and press Enter. If asked if you want to write volumes to disk, choose Yes.
    9. Choose “Create encrypted volumes” and look at the list that comes up. You should see two entries that say crypto. Scroll down to each of these and press the space bar to toggle them as active. You can’t see it, but that did a basic setup for the encrypted partitions.
    10. Now, choose Finish in the Actions dialog that comes back up. You will be asked to enter your passphrase twice. If you look at the partitions defined now, you should see an encrypted swap partition and an encrypted partition with ext4. We are almost done with the partitioning.

      If I was not picky about filesystems, we could finish this step by just setting the mount point.
    11. Scroll down to the ext4 filesystem and press enter. For Use As, select a good journaling filesystem like jfs or xfs. I am using btrfs in testing and it works well so far, although btrfs disk writes may be a bit slow, but I am still testing. Reiser has some nice characteristics, but is considered slightly unstable by some. EXT3 and EXT4 are hacks such that I rarely use them. Select Mount Point and choose “/ - the root file system”. Select Done setting up the partition.
    12. Scroll down to Finish Partitioning and press Enter. You will be asked if you should write the changes to disk. If you were careful, the list will look good and you should choose Yes.
  12. The installer will now proceed with the basic installation. That means it is putting a few basic files on the hard disk so that it has enough to finish the installation. This will take a few minutes, so go get a Dr. Pepper. The ones from Dublin, Texas are much preferred by those with discerning palettes.
  13. Full name for the new user. Here, we setup the main user account to be used on the system by entering their first and last name. The first name will be converted to all lower case and suggested as the user name for the account. That is usually a good choice, but maybe you have two Daryls; if so, you might want to make it daryl1 or something similar.

    Pick a good password. Because we have a nice encrypted filesystem, we are not as worried about someone physically getting into your files. But, when your system is running, you may expose services where a remote user can try to get into your computer. A decent password will slow them down, so pick a good one. We encrypted the entire root filesystem, so you can probably choose No when asked about encrypting your home directory.
  14. Some people are behind firewalls that limit the places they can visit on the web. If you are in such a place, you may have an http proxy address you need to enter. Most people can just leave that field blank and press Enter when asked about the http proxy.
  15. Now, you can let the system install - the step with the longest wait time (20 minutes to several hours). The length of time depends on how fast your system is and how fast the network is. If you have a network connection, the installer goes out and gets some newer packages, if any have been released since the CD was made.
  16. If you did as I did and used the entire hard disk for Ubuntu, you will see a message asking if you want to install grub to the master boot record. On a few embedded computers with unusual BIOS setups, I have had to install grub to a partition. But, generally, the correct answer here is Yes.
  17. You will be asked if your system clock uses UTC. Most people should just answer Yes. UTC is the same as GMT, except the French approved it. They prefer UTC because they could not stand having to say the name of an English town.

    If you want to understand more about setting the time, read the rest of this paragraph. Most people do not live in the same time zone as Greenwich, England, so their time is offset from GMT by a number of hours. In Dallas, that offset is 5 or 6 hours, depending on the time of year and the whims of Congress. The clock on your computer can store the time either as it is in Greenwich, England (GMT/UTC) or the time in your time zone (Central Standard/Daylight Time). Configuration files then tell the system which time zone you are in and which value to store.

    The convention on UNIX and Linux is to store the time and date as Greenwich Mean Time, but Linux can handle it either way. Until Vista, Windows required the system time to be the local time, so users of dual boot systems found it convenient to use that.
  18. The installation is now complete. Choose Continue to boot into your new system. When your computer is just a little ways into the boot process, you will be prompted for your passphrase. Enter it correctly and the system will boot up. This is the encryption passphrase we used to create the root filesystem above. The conventional password is an access control device and either lets you in, or not. If you are only using access control, someone can take the hard drive out of your computer, mount in on another computer and read the data on it without having to log in. Or, they can boot the computer with the right CD and copy your files over the network. Technicians do that all the time and they don’t need your password. The encryption passphrase we use is required to decrypt the contents of the disk. Without the encryption passphrase, the disk drive just looks like it is filled with noise. But not everyone should use this kind of encryption. For instance, if you grandmother is forgetful, don’t setup her system this way. It will confuse her, and she will forget the passphrase. (I am not attacking grandmothers; I am just speaking with experience about my own dear grandmother).

Phase 2, customize Ubuntu

Ubuntu is pretty nice out of the box, but there are a number of ways to improve it. Here are some things I do to a new machine after I install Ubuntu. I don’t think everyone will make all of these changes, but I really make them to every machine I setup. Even if you don’t do them all, knowing where some of these options are set can be handy. Ubuntu uses Gnome by default. Even version 11.04 of Ubuntu is based on Gnome, although it uses a different program called Unity to manage running programs on the screen. While I encourage users to try Unity, I don’t think it is ready for daily use yet. After installing and rebooting, you get to the login screen. When you select the user, look down at the bottom of the screen and observe the place to select your desktop. Click on it and choose “Ubuntu Classic”. Or, if you will be accessing this computer with VNC, choose “Ubuntu Classic (No effects)”. Then go back and enter your password and login. The changes in this article are mostly for Gnome users, and many of the changes below also improve systems using Unity. Although I’d like to do a similar article for KDE users under Kubuntu users, I need to figure out a few more things first. Maybe someone else will write that article first (hint hint). .

Here are my suggested changes:

  1. Apply all available updates. I usually use Synaptic. Press the “Reload” button so your computer will know the latest versions of all software installed. Then, press “Mark All Upgrades” to indicate that you want all upgrades installed. Then, press “Apply” and “Apply” on the dialog that pops up. A reboot is often required at this point, because of things like a new kernel version coming in.
  2. Fix three bad default Gnome settings. Go to System/Preferences/Main Menu. Select System Tools in the left panel and then put a checkmark beside Configuration Editor in the right panel. Now, press the “Close” button at the bottom of the program. This put the Gnome configuration editor into our menus. Now go to Applications/System Tools/Configuration editor. If you are running Unity, and don’t have those menu choices, just open a terminal prompt and type gconf-editor and enter. We are going to adjust 3 settings. Click the down arrow beside apps.
    1. This first change moves the buttons at the top of programs back to the top right side. Scroll down and click the down arrow beside metacity. Select general under metacity and then look to the right panel. Select the text to the right of button_layout and change it to “:minimize,maximize,close”. Don’t put the quote marks in.
    2. Nautilus is the file browser used in Gnome. As you maneuver through your disk, you can have a field near the top of Nautilus that shows the directory you are in. You can cut and paste from this field, if you enable it. This change will give you that option. Now, go back to the left panel and press the arrow beside nautilus. Select preferences under nautilus and put a check mark beside “always_use_location_entry” in the right panel.
    3. Ubuntu checks to see if updates are available and will tell you when they are ready, but the default is very distracting, as it pops up a program on your desktop whenever it finds an update. The change I am suggesting will still alert you, but in a more discreet manner, by putting a little red icon near the top right corner of the screen and mostly stays out of your way. Go back to the left panel of the Configuration Editor. Scroll down to update-notifier and select it. Remove the check mark beside auto_launch. Now, close the Configuration Editor.
  3. Change bash settings. ll is the command I use most often to list the files in a directory. ll is an alias to the ls command with a couple of options set. The default in Ubuntu is for ll to also show hidden files, but normally, I don’t want to see those files since I am looking for my own files. Go to a terminal prompt and edit .bashrc with your favorite editor. I normally use gedit, but other editors are already installed and ready for you. At the terminal prompt, I would start the editor with this command:

    gedit ~/.bashrc

    Scroll down to the line that starts with ll and change it to look like this:

    alias ll=’ls -lF’

    That alias starts in the first column. It is moved over here just for typographical reasons. The ~ character tells the shell to look for the file in your home directory.
  4. Change boot options to give you a bit more information during boot. I am going to assume you have grub2 here. There is a similar thing that can be done for grub1 users, but it has to be redone after every kernel update. Go to a terminal prompt and type:

    sudo gedit /etc/default/grub

    If it comes up with a blank file, you don’t have grub2. Talk to me and I’ll explain how to do this with grub1(aka grub). If the file comes up, scroll down to where you see quiet and replace that with verbose. Save the file. That is all I normally do at this step. This change won’t take effect until your next kernel update. If you are in more of a hurry than I am, go back to your terminal prompt and type:

    sudo update-grub
  5. Change the frequency of update checking. Go to System/Administration/Update Manager and click the “Settings” button at the bottom. You will probably be prompted for your password. Then go to the Updates tab and change the selection beside “Check for updates”. Press the “Close” buttons until you get out of the program.
  6. Install a few more programs. You could install these through the Software Center or Synaptic, instead of the way I do it here. I think it is easier to explain this software installation by using the command line. I am going to break this up into several commands so the lines don’t get too long. But, you could really create one command to install all of these programs at once. These are the programs I add to get a good, usable Linux desktop. Go to a terminal prompt and type these commands(Reboot after this step):
    sudo apt-get install smbfs ssh build-essential ffmpeg gstreamer0.10-fluendo-mp3
    sudo apt-get install gimp gstreamer0.10-ffmpeg gstreamer0.10-doc gawk
    sudo apt-get install gstreamer0.10-plugins-bad gstreamer0.10-plugins-ugly
    sudo apt-get install ipython python-gst0.10 xvnc4viewer openvpn python-docutils
    sudo apt-get install traceroute xchat audacity flac vorbisgain vorbis-tools lame
    sudo apt-get install k3b libk3b6-extracodecs speex speex-doc yatm ttf-liberation
    sudo apt-get install clamav clamav-freshclam samba mpgtx mencoder mplayer
    sudo apt-get install mplayer-fonts inkscape dselect libdvdread4 sox
  7. Customize Firefox.
    1. In Firefox, there are two add-ons that you can’t really browse safely without. In Firefox, go to Tools/Add-ons. Search for “Cookie Killer” and NoScript” and add them. You will need to restart the browser after they are added. There are others that I regularly use, but Firefox 4 and 5 are here and many add-ons are more difficult to use in Firefox 4, so I’ll skip them for now. If you are using Firefox 4 or 5, you will need to customize it to make Cookie Killer visible.

      These two add-ons go a long way to making your system more secure. Noscript disables javascript on sites unless you specifically allow their code to run. I practically never allow it, but you can decide for yourself. Javascript is a programming language that web site creators can use to create dynamic web sites. That sounds good, but in reality, it means the web site owner can do anything to your computer that they want. Javascript runs in a sandbox and some people say that keeps you safe. They are wrong. The sandbox is not effective and to the extent that the sandbox is effective, it only works against people who don’t try very hard. So, rather than allow javascript at most sites I visit, I either view their site without javascript or I just move on to another web site.

      Cookie killer makes it easy to kill cookies set by web sites. If you allow cookies to be set at all, and I rarely do, this helps you get rid of them quickly. Getting rid of those few cookies you accept as soon as you are through with them keeps other sites from reading them. Although cookies are supposed to be readable only by the web domain that set them, there are many cross site cookie vulnerabilities, and the security of cookies has proven illusory. So if you delete them, they can’t be read. (Well, maybe if you have vulnerability friendly software like Adobe Flash installed, but I don’t do that.) Sloppy website creators require cookies, and I only have to allow them to login to a few forums.
    2. Now, we will fix the way new tabs are opened. In the URL bar, put “about:config” without the quotes and press enter. In the Filter field, put the word related. The preference name “browser.tabs.insertRelatedAfterCurrent” should come up. Click on that line to change the setting to false.
    3. Go to Edit/Preferences and choose the Privacy tab. Set it to use Custom settings for history, and Uncheck “Use third party cookies”. There is virtually no good reason to accept those.

      Also, uncheck Remember search and form history. If you are willing to put up with a little inconvenience, choose “ask me every time” for Keep until. That way, whenever you visit a new site that wants to set cookies, you can tell it no and to remember the decision. It is not very often that there is any good reason to accept a cookie and after you have been to a site, you won’t get bugged about their cookies anymore. Cookies can be used to aid web site navigation, but usually they are there to track you and why should you enable that kind of anti-social behavior?
    4. Still in Edit/Preferences, click on the Security tab. Uncheck Remember passwords for sites. Nobody can get your password file, if you don’t have one. There are some Firefox add-ons that manage passwords in a more secure way than the default Firefox behavior. There are quirks to each one and I don’t have one I can recommend for everybody. If remembering passwords is important, try a few of these add-ons and study their behavior to find the one that suits you best.
  8. Window borders, especially on large screens are too thin to be able to easily grab when you want to resize a window. We will make them a bit thicker. You won’t see the effect of this change until after you restart X/Windows. Rebooting is an easy way to do that. If you like this change, note it somewhere because system updates can sometimes overwrite it. Edit


    Set the following values in frame_geometry_normal or change from 3 as desired:

    <distance name=”left_width” value=”3”/>
    <distance name=”right_width” value=”3”/>
    <distance name=”bottom_height” value=”3”/>
  9. Make bash the default shell. Ubuntu has used a cut down version of the bash shell for a while. It takes less memory and is good enough that most people don’t notice a difference. The cut down version is called dash. I prefer to have the full bash as my shell, so I just run the following command. sudo dpkg-reconfigure dash and answer no
  10. On Ubuntu 11.04, they decided to make scroll bars harder to use. They did this because they thought it looked cute. We can restore scroll bars to their prior, useful behavior by removing two packages and rebooting. The quickest way to do this is from the command line. sudo apt-get remove overlay-scrollbar liboverlay-scrollbar-0.1-0
  11. On Ubuntu 11.04, they decided to make menus for most programs harder to use. This change will only be noticed when you are running Unity. The new Global Menu, as it is called, makes the screen cleaner, at the cost of less discoverability and more time to access menu items in most programs.

    Until I found a way to fix this, I really disliked using Unity. You can restore the normal behavior of most programs by removing two packages and rebooting. sudo apt-get remove indicator-applet-appmenu indicator-appmenu
  12. sudo /usr/share/doc/libdvdread4/ This will let you play DVD movies. Ubuntu can’t include the pieces to decrypt DVDs. The source code is considered expression and this script compiles that expression into usable modules. I am not a lawyer, so my understanding here could be wrong. Use this at your own risk.


Feel free to come to the Linux SIG and ask them or talk about Linux. I am frequently in the #ntlug irc channel on freenode logged in as Severian.

Oneiric Ocelot addendum

As I write this, Oneiric is still in alpha, so I am keeping this section separate. It will probably change before Oneiric is released.

  1. To fix the scroll bars, remove these packages and reboot.
    1. overlay-scrollbar
    2. liboverlay-scrollbar-0.2-0
    3. liboverlay-scrollbar3-0.2-0
  2. To fix the global menu(which means removing it, since it has no virtues), remove these packages and reboot.
    1. firefox-globalmenu
    2. appmenu-gtk3
    3. appmenu-gtk
    4. indicator-appmenu
  3. Applications like Firefox always come up full screen in Unity. We can fix this in Unity, but not Unity2d at the moment.
    1. Install compizconfig-settings-manager
    2. run ccsm and go to the Unity plugin. Go to the Experimental tab and set automaximize value to 100%.
  4. To put the minimize, maximize and close buttons back on the right side, try one of these. If you do the first one, you have to reboot for it to take effect.
    gconftool-2 --set /desktop/gnome/shell/windows/button_layout --type string ":minimize,maximize,close"
    gconftool-2 --set /apps/metacity/general/button_layout --type string ":minimize,maximize,close"
  5. I have not figured out how to make nautilus show the location bar so that it is actually useful. The change here is almost certainly due to Gnome 3 and was nothing Ubuntu did. I am still looking.
Page last modified on July 28, 2011, at 05:04 AM