Kubuntu Trusty System Administration
Users and Groups
- K Menu -> System -> System Settings -> Advanced -> User Management
- Add New Users
- K Menu -> System -> System Settings -> Advanced -> User Management -> User Accounts -> Add
- Remove Users
- K Menu -> System -> System Settings -> Advanced -> User Management -> User Accounts -> user -> Delete
- Modify Users
- K Menu -> System -> System Settings -> Advanced -> User Management -> User Accounts -> user -> Modify
It is quite often necessary to have extra privileges to do certain tasks. These privileges are assigned to your user by belonging to certain groups. The tasks are allowed to be performed by any user belonging to the group associated with that task.
- Example: a "sudoer" is a user who can perform certain administrative tasks, such as updating the system. To become a "sudoer" a user must belong to the "sudo" group.
- K Menu -> System -> System Settings -> Advanced -> User Management -> User Accounts -> user -> Modify -> Privileges and Groups --> sudo (ticked)
To become an administrator, you must belong to the adm, admin, and sudo groups. To be a virtualbox user, you must belong to the virtualbox group. To change printer settings you must belong to lpadmin. To use the cdrom, you must belong to cdrom. To use hot-pluggable devices, you must belong to plugdev. To share Samba folders (on a Windows-based network), you must belong to sambashare. To access NTFS files using the virtual filesystem fuse, you must belong to the fuse group. To use many games, you must belong to the games group. The list is long, and not always obvious.
Unfortunately, while this is the feature that gives Linux such a high-level of security, it can also take diligence to remember to add your user to certain groups. It is not uncommon for programs and functions on your system not to work merely because you don't have privileges to do so because you forgot to add your user to the appropriate group(s).
Of most importance, you must already be an administrator in order to change membership in groups. Therefore, if you create a new user and intend to give that user administrative privileges (by assigning the user to the administrative groups), you must do so from your original administrator account (the one you set up at installation) or from another administrative user account.
PolicyKit-KDE is the KDE frontend for PolicyKit, a toolkit for controlling system-wide user privileges.
Timekpr (Parental controls)
Timekpr is a program to track and control the computer usage of user accounts. (This is different from KTimeTracker, which merely records your usage but does not restrict it.) It is available from a Launchpad PPA.
- If updating, remove any prior versions:
sudo dpkg --purge timekpr
- Add the timekpr third-party repositories:
deb deb http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu oneiric main deb-src deb http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu oneiric main
sudo apt-get install timekpr
- When prompted which default display manager to use, select "kdm"
- K menu -> System -> Timekpr Control Panel
Web content filtering
DansGuardian provides web filtering capability, similar to NetNanny. It is useful for limitng objectionable content in publicly accessible workstations, or for filtering objectionable content for younger users. It integrates with ClamAV, and uses several criteria for filtering websites (which is difficult to modify). It is used with Tinyproxy (best for individual users) or the Squid proxy (best for a network server). Install:
sudo apt-get install dansguardian tinyproxy
sudo apt-get install dansguardian squid
See these installation instructions for setup details. In brief,
- Edit the dansguardian configuration file:
sudo nano /etc/dansguardian/dansguardian.conf
- comment out the UNCONFIGURED line:
- If using tinyproxy instead of Squid, change the proxyport to 8888:
- Reinstall dansguardian:
sudo apt-get install --reinstall dansguardian
- Set your browser to use the localhost:8080 proxy. For example, in Firefox:
- Firefox -> Edit -> Preferences -> Advanced -> Network -> Settings
- Manual proxy configuration -> HTTP proxy: localhost -> Port: 8080
- A Webmin module is available to administer settings. Also, a GUI to change Dansguardian settings called Webstrict is in development.
Automating Tasks (cron)
- Cron is a system daemon that runs tasks in the background according to instructions found in a crontab file. To edit the crontab file for the current user:
Tasks that normally require administrative (sudo) privileges should be added to the root user's crontab:
sudo crontab -e
- Scheduled/automated tasks (cron events) can also be edited using a KDE GUI interface for cron. Install the configuration module:
sudo apt-get install kde-config-cron
- K menu -> System -> System Settings -> Task Scheduler
KWallet (Password Manager)
KWallet is a password manager for the KDE desktop. Refer to the handbook for detailed usage instructions. If a password is not desired to be used for an application, merely leave the password blank when prompted.
Change themed background wallpapers
The background wallpapers for the KDE themed greeter (at login) and the KDE screen locker can be changed by one of several methods (which are not intuitive). See this KDE Forums thread for options and details.
- The screen locker (lockable screensaver) can be activated in the System Settings (System Settings -> Display and Monitor -> Screen Locker). To change the screen locker background image, here is a suggested method.
- Edit the screen locker UI settings:
sudo kate /usr/share/kde4/apps/ksmserver/screenlocker/org.kde.passworddialog/contents/ui/main.qml
source: theme.wallpaperPathForSize(parent.width, parent.height)
/* source: theme.wallpaperPathForSize(parent.width, parent.height) */ source: "1920x1080.png"
- Note: Make sure to include the quotation marks around the image filename. Use a size for the filename that matches your screensize. If your screen is only 1024x768, for example, you can use "1024x768.png" for the designated filename.
- Choose (or create) a .png image of the appropriate size to be used as the background image for the screen locker. For example, I happen to like the wallpapers of the Ariya theme and use the /usr/share/wallpapers/Ariya/contents/images/1920x1080.png image for my screen locker. Create a symbolic link for that image to the screen locker folder:
sudo ln -s /usr/share/wallpapers/Ariya/contents/images/1920x1080.png /usr/share/kde4/apps/ksmserver/screenlocker/org.kde.passworddialog/contents/ui/1920x1080.png
- Note: Make sure the link filename matches the one specified in the edited settings file.
Login Menu settings
You can change the Login menu settings from the GUI interface:
- K menu -> System Settings -> Advanced -> Login Manager
You can choose an integrated theme or select individual components of the login screen/process.
GRUB boot manager settings
Trusty comes with Grub2, a difficult boot manager to customize. (Grub2 is also known as grub-pc.) See the evolving instructions at the Ubuntu wiki or Ubuntu forums. In brief, some settings can be edited:
sudo kate /etc/default/grub sudo update-grub
Alternatively, use the command:
sudo grub-mkconfig --output=/boot/grub/grub.cfg
Grub2 background image, colors, fonts
- See this Ubuntu Forums thread.
- Any background image can be used for Grub2 by placing the image in the /boot/grub folder and then reconfiguring Grub2:
The image ought to be the same size as the Grub2 startup resolution specified in /etc/default/grub (e.g. 1024x768).
- A selection of splashimages can be installed into the /usr/share/images/grub folder:
sudo apt-get install grub2-splashimages
- One of the images can be linked to the /boot/grub folder and used as the splash image. For example:
sudo ln -s /usr/share/images/grub/Plasma-lamp.tga /boot/grub sudo update-grub
Change the default menu item
- There are several ways to change the default Grub2 menu item, but only one is reliable. The menu items in Grub2 change name and position in the list with every kernel upgrade. However, if you choose the default menu item by name, you can reliably set it as the default. For example, if you wish to boot a Windows OS as the default and the Grub 2 menu lists it as Microsoft Windows 98SE Ancient Edition (on /dev/sda1) then edit /etc/default/grub:
sudo kate /etc/default/grub
and change the entry to resemble:
GRUB_DEFAULT="Microsoft Windows 98SE Ancient Edition (on /dev/sda1)"
then regenerate the Grub2 config file:
To find out the names of the menu items, use:
sudo grep menuentry /boot/grub/grub.cfg
- Note: There is a bug in Grub2 v.1.99 such that if the GRUB_DEFAULT option is used, the Grub2 menu can not be entered (for manually selecting a menu item). If the default option is a non-Linux OS, there will then be no way start a Linux OS (and therefore no way to subsequently change the /etc/default/grub configuration file). Use this option with great care.
- A KDE-based frontend to Grub2 configuration can be installed:
sudo apt-get install kde-config-grub2
- K Menu -> System -> System Settings -> Startup and Shutdown -> Grub2 Bootloader
Protecting Grub2 from cracking
- See this section of the Grub Manual for important information on securing Grub2.
- To add password protection, in the /etc/grub.d/40_custom configuration file
sudo kate /etc/grub.d/40_custom
- add the lines:
set superusers="user1" #password_pbkdf2 user1 grub.pbkdf2.sha512.10000.biglongstring password user1 insecurecleartextpassword
and change your password to something other than insecurecleartextpassword, or use the pbkdf2-encrypted method described here. You can then password-lock menu items as well. For detailed info see this blog.
- Regenerate the grub.cfg file:
- With this method, Grub2 will require a username and password for every action. However, I like the initial Ubuntu entry to boot automatically without a password. To accomplish this, add the --unrestricted entry to the menuentry for the first "Ubuntu" entry in the newly generated grub.cfg file (use gedit instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /boot/grub/grub.cfg
- Look for the line with
- and edd the --unrestricted option to the line:
menuentry 'Ubuntu' --unrestricted more options usually follow
- Note: This step must be done each time the grub.cfg file is regenerated using the "update-grub" utility (including after major updates).
The older version of GRUB ("Grub Legacy") is available, for use with a boot partition, for example. Install:
sudo apt-get install grub
- If you have multiple operating systems (OS) on your computer, you may be using the GRUB Legacy boot manager (in a boot partition, for example). You can edit the options for GRUB Legacy in the menu.lst configuration file. (See this detailed info.)
sudo nano /boot/grub/menu.lst
- (kate can also be used instead of nano as the text editor.)
Removing Grub2 entirely
Personally, I have had nothing but trouble with Grub2 since the beginning. Every version brings a new headache and one OS or another stops loading. I have reverted to Grub Legacy entirely by uninstalling Grub2 (grub-pc) prior to installing Grub Legacy (grub):
sudo apt-get remove grub-pc grub-common kde-config-grub2 --purge sudo apt-get install grub
Chainloading Grub2 from Grub Legacy
- To chainload Grub2 (installed in this example with the OS in the /dev/sda7 partition) from Grub Legacy (stored in a boot partition, for example), use an entry of this format in the Grub Legacy /boot/grub/menu.lst configuration file:
title (K)Ubuntu Trusty OS (chainloader) rootnoverify (hd0,6) chainloader +1
- Grub2 is erratic, however. In many situations I don't bother to chainload it at all. Instead, it is possible to bypass Grub2 entirely and load the OS directly using Grub Legacy (stored in a boot partition, for example) using an entry in /boot/grub/menu.lst of the format:
title (K)Ubuntu Oneiric OS (chainloader) rootnoverify (hd0,6) kernel /vmlinuz root=/dev/sda7 ro initrd /initrd.img
- My old method for chainloading Grub2 (installed in this example in the /dev/sda7 partition) from Grub Legacy used an entry in the Grub Legacy configuration file (/boot/grub/menu.lst) with this format:
title (K)Ubuntu Maverick OS (chainloader) rootnoverify (hd0,6) kernel /boot/grub/core.img
- This method, however, requires a current core.img to have been created with grub-mkimg (part of the grub-install process). When there are substantial changes to the partition or the kernel, the core.img must be re-created by re-installing Grub2 into the OS partition (in this example /dev/sda7 corresponds to (hd0,6) ):
sudo grub-install /dev/sda7
Protecting Grub Legacy from cracking
- See this section of the Grub Manual for important information on securing Grub Legacy.
- To add password protection, in the /boot/grub/menu.lst configuration file, uncomment (remove the hashmark) from the line:
and change your password to something other than topsecret, or use the md5-encrypted method described here. You can then password-lock menu items by adding the descriptor lock below the title of any item menu.
You can choose which program to use as your default program for a specific task.
- K menu -> System -> System Settings -> Default Applications
Kill a process
Sometimes a program (or "process") just freezes. To "kill" (or end) the program/process:
- K menu -> System -> System Monitor -> highlight the errant process -> Kill process
From the command line:
sudo killall process
- where process is the name of the frozen program, such as firefox.
Manage Bootup/Startup services
There are two ways to select which services should be started at bootup, and I recommend both. The KDE System Settings only shows KDE services, so the Bootup-Manager is also required to show any GTK-based services installed on your system. Preventing unneeded or unwanted services from loading at startup can improve system performance.
- Select KDE services to run at startup:
- K menu -> Settings -> System Settings -> Startup and Shutdown -> Service Manager
- Install the GTK-based Bootup-Manager:
sudo apt-get install bum
- Run Bootup-Manager:
- K menu -> Settings -> Bootup-Manager
Enabling NUM LOCK On Startup
- K Menu-> System -> System Settings -> Keyboard & Mouse -> Keyboard ->"turn on Numlock on KDE Startup"
Working with Menus
- There are two menu formats -- Kickoff Menu Style and Classic Menu Style. To swtich between the two, you must have the Widgets unlocked:
- Right-click K menu -> Unlock Widgets
the choose your menu style:
- Right-click K menu -> Switch to ... Menu Style
- To edit menus, unlock widgets as above, then:
- Right-click K menu -> Menu Editor
Create an encrypted folder
With Kubuntu, you can create a folder whose contents are encrypted. See these instructions.
Create a symlink from a file to another location
A symbolic link (also known as a symlink) is a method in Linux of referring to a file (or directory) in one location from another location. Usage:
ln -s /path/to/source /path/to/destination
If /path/to/destination requires superuser rights, then use:
sudo ln -s /path/to/source /path/to/destination
This is similar to, but more powerful than, creating Shortcuts, with which former Windows users may be familiar.
Assign a root password
To be able to log in as root directly, you must assign a root password. This can be done with:
sudo passwd root
Afterwards, you can use
to get a root prompt. You would then use the root password.
Get a root prompt without using a root password
If you have not set a root password (or don't know it), you can obtain root user privileges anyway. From the command-line terminal (Konsole):
You will use your own user password instead of a root password.
You could also get a prompt to become any other user on the computer by typing:
sudo su <username>
Use the File Manager as root
- A file manager (such as Dolphin) can be opened with root user (superuser) privileges, allowing access to folders and files with root permissions.
- Of course, you can make a Menu Item / Shortcut using either the kdesudo dolphin or kdesudo konqueror command, as well.
- When opening a file manager in this way, the default folder will be /root/. User files will be found by clicking on the "Root" icon and then navigating to the /home/user/ folder(s).
- It is also possible to open a file manager in the ~/ folder (i.e. /home/user/ folder) using
- There is a risk to doing this, however. Some files with user-level permissions may unpredictably be changed to root user (superuser) permissions (especially when copying or moving files) when the file manager is opened using sudo. It is worthwhile to double-check file permissions for unintended consequences. While I have never seen any problems using sudo dolphin, in general it is recommended to use kdesudo dolphin instead.
- A Root Actions Servicemenu is available for Dolphin in order to perform certain functions with root user (superuser) permissions. However, this service menu does not allow a user to enter folders that have root permissions unless Dolphin has been started using kdesudo dolphin.
Synchronize clock to network time server
The Network Time Protocol (NTP) allows time synchronization of your computer to time servers on the Internet.To enable it:
- K menu -> System Settings -> Date & Time
- Check the "Set date and time automatically" option
- Choose an ntp time server near you.
Manually Mount and Unmount a device
- To manually mount a device:
sudo mount /dev/hda
replace /dev/hda with the location of the device.
- To manually unmount a device:
sudo umount /dev/hda
replace /dev/hda with the location of the device.
Mounting NTFS Partitions (with read/write privileges)
Install NTFS-3G, the NTFS manager:
sudo apt-get install ntfs-3g
Note: You should also be a member of the fuse group to use ntfs-3g.
Find out the name of your ntfs partition:
sudo fdisk -l
Method 1: In this example, the NTFS drive is listed by fdisk as /dev/sda2, but yours may differ.
Make a mount point for the drive:
sudo mkdir /media/WindowsNTFS
sudo nano /etc/fstab
Comment out the automatically added lines by Kubuntu installation:
#/dev/sda2 auto nouser,atime,noauto,rw,nodev,noexec,nosuid 0 0 #/dev/sda2 /mnt auto user,atime,noauto,rw,nodev,noexec,nosuid 0 0
and instead add the line:
/dev/sda2 /mnt/WindowsNTFS ntfs-3g quiet,defaults,rw 0 0
In this example, I indicated that the file system was an ntfs-3g filesystem, so did not use the auto option (which detects the filesystem automatically). I used rw to specify read/write privileges for all users, but umask=0 and umask=000 are accepted by some kernels.
Method 2: Edit fstab:
sudo nano /etc/fstab
When Kubuntu installation finishes, it mounts all ntfs partitions automatically with ntfsprogs, adding a line similar to the following to fstab:
UUID=8466268666267956 /media/sda1 ntfs defaults,gid=46 0 1
Change this line to:
UUID=8466268666267956 /media/sda1 ntfs-3g defaults,nls=utf8,locale=zh_CN.UTF-8,rw,gid=46 0 1
In this example, I have a Chinese-language Windows installation on my first partition, so I set the locale parameter (locale=zh_CN.UTF-8) so that my Chinese documents can display correctly. Setting rw (same as umask=0 or umask=000) lets me read/write the partition without sudo. gid=46 specifies that the drive will belong to the group of hot-pluggable devices (plugdev) and is not necessary unless your ntfs drive is a hot-pluggable one (such as an external USB drive). nls=utf8 is the default and is optional for most ntfs users, but there are other options for Chinese (and other specialized character-set users).
Mounting FAT32 Partitions
Follow the above instructions, but use vfat instead of ntfs-3g.
In other words, if you have made a mount point directory /mnt/WindowsFAT32 and your FAT32 drive is /dev/sda3, then edit the /etc/fstab file to include the line:
/dev/sda3 /mnt/WindowsFAT32 vfat quiet,defaults,rw 0 0