Ubuntu:Oneiric for printing

From

Jump to: navigation, search




Ubuntu 11.10 (Oneiric Ocelot)

Introduction

  • On October 14, 2011, Ubuntu 11.10 was released.
  • It is codenamed Oneiric Ocelot and is the successor to Natty Narwhal 11.04 (Natty+1).
  • Oneiric Ocelot is not an LTS (Long Term Support) release. It will be supported with security updates until April 2013.


Contents


General Notes

General Notes

  • This is the original Ubuntuguide. You are free to copy this guide but not to sell it or any derivative of it. Copyright of the names Ubuntuguide and Ubuntu Guide reside solely with this site. This Ubuntu help guide is neither sold nor distributed in any other medium. Beware of copies that are for sale or are similarly named; they are neither endorsed nor sanctioned by this guide. Ubuntuguide is not associated with Canonical Ltd nor with any commercial enterprise.
  • Ubuntu allows a user to accomplish tasks from either a menu-driven Graphical User Interface (GUI) or from a text-based command-line interface (CLI). In Ubuntu, the command-line-interface terminal is called Terminal, which is started:
Menu -> File -> Open Terminal 
Text inside the grey dotted box like this should be put into the command-line Terminal.
  • Many changes to the operating system can only be done by a User with Administrative privileges. 'sudo' elevates a User's privileges to the Administrator level temporarily (i.e. when installing programs or making changes to the system). Example: 
sudo bash
  • 'gksudo' can be used instead of 'sudo' when opening a Graphical Application through the "Run Command" dialog box or as a menu item. Example: 
gksudo gedit /etc/apt/sources.list
  • Many file management tasks can be accomplished with root Administrative privileges by starting the Nautilus file manager in a similar fashion. (Use 'gksudo' if starting Nautilus from a menu item.) 
gksudo nautilus
or 
sudo nautilus
  • "man" command can be used to find help manual for a command. For example, "man sudo" will display the manual page for the "sudo" command: 
man sudo
  • While "apt-get" and "aptitude" are fast ways of installing programs/packages, you can also use the Synaptic Package Manager, a GUI method for installing programs/packages. Most (but not all) programs/packages available with apt-get install will also be available from the Synaptic Package Manager. In this guide, when you see 
sudo apt-get install package

you can search for package in Synaptic and install it that way.

  • Many instructions use the text editor "nano" (which is universally available in Linux). However, it is often easier to use the text editor "gedit" in Ubuntu instead.
  • "Menu" refers to the menu bar at the top (or bottom) of the desktop, akin to the Start menu in Microsoft Windows or the Menu bar of the Apple Macintosh.
  • If you are using the 64-bit version, replace any "i386" with "amd64"

Other versions

How to find out which version of Ubuntu you're using

Open the command terminal and type: 

lsb_release -a

How to find out which kernel you are using 

uname -a

Newer Versions of Ubuntu

  • Ubuntu has a six month release cycle, with releases in April and October.
  • Precise Pangolin (12.04 LTS) will be released in April 2012 and will be a Long Term Support version

Older Versions of Ubuntu

Other Resources

  • Ubuntu Forums has a large community for online solutions and specific help.

Ubuntu Resources

Unity Desktop

Unity is the default desktop environment used in Ubuntu. It is compatible with the GTK platform used by Gnome. It was designed to be used for netbooks, but is developed by Canonical to be useful on all types of devices.

Gnome Project

Gnome3 is an alternative desktop available for Ubuntu, and a list of Gnome projects is available. 

sudo add-apt-repository ppa:gnome3-team/gnome3
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install gnome-shell

sudo add-apt-repository ppa:ubuntugnometeam/gnome3
sudo add-apt-repository ppa:ubuntugnometeam/ppa-gen
sudo apt-get update
sudo apt-get install ugr-desktop-g3
sudo apt-get dist-upgrade

Ubuntu Screenshots and Screencasts

New Applications Resources

Other *buntu guides and help manuals

  • Kubuntuguide -- Kubuntu uses the popular KDE desktop environment
  • Lubuntu -- Lubuntu can run with as little as 256 MB RAM. It is better for older machines with limited resources.
  • Edubuntu -- Edubuntu is a collection of software bundles optimized for use in educational environments. LTSP (thin client terminal server support) and many networking tools are bundled. A version for use with KDE (Kubuntu) is available.
  • SkoleLinux / DebianEdu -- a collection of (open-source) educational tools for Debian/Ubuntu Linux
  • Ubuntu Doctors Guild -- a collection of tips for using (K)Ubuntu Linux in health care environments
  • official Ubuntu Server Guide -- a good starting reference for server packages

Installing Ubuntu

Warning: During installation, there is an advanced option (Ready to install -> Advanced) to install the GRUB2 bootloader into the same partition into which the (K)Ubuntu OS is installed but not to change the MBR (Master Boot Record). Pay careful attention during this step if your system uses a boot partition, uses multiple OS (more than 2), or chainloads bootloaders. For systems with such a boot partition, it is best not to overwrite the MBR.

Hardware requirements

Ubuntu Oneiric Ocelot runs well with as little as 384 Mb RAM. (The GUI installer requires a minimum of 256 Mb RAM, while the alternative text-based installer can run using only 192 Mb RAM.) Netbooks can run Ubuntu Oneiric Ocelot, which has been optimised for that platform.

The installation takes between 3-4 Gb hard drive space, and 8 - 10 Gb will be needed to run comfortably. (However, at least 25-30 Gb will likely be needed for routine usage.)

If you have an older computer with less memory than this, consider Lubuntu (if 160 Mb RAM or greater), PuppyLinux (if 256 Mb or greater), or DSL (if minimal RAM, limited hard drive space, running from a USBdrive, or running from within another OS).

Fresh Installation

See this guide for burning the ISO image to a CD ("LiveCD").
Use the LiveCD for installation.
  • The Alternate CD version also allows the use of the same fast text-based installer used in the Server version (requiring less RAM), and there are more installation options than on the Desktop CD ("Regular Download").

Install a classic Gnome-appearing User Interface

  • A Gnome 3 interface gnome-shell can be installed, and a choice (from the Login Manager) of running in Unity or Gnome 3 will then be available: 
sudo apt-get install gnome-shell
  • A user interface resembling the classic Gnome 2 interface (used in Ubuntu Lucid Lynx and earlier versions) can be installed. (This installs the gnome-shell modules as well.) A choice of running Unity or Gnome as the desktop environment will then be available from the Login Manager. 
sudo apt-get install gnome-session-fallback
  • A complete Ubuntu Gnome Shell Remix OS (an unofficial Ubuntu derivative) is also available from which the Unity desktop environment has been removed entirely, and is more similar to a Debian distribution with a Gnome desktop.
  • Of course, if you would like to use Ubuntu with the popular and powerful KDE desktop, use Kubuntu.

Dual-Booting Windows and Ubuntu

A user may experience problems dual-booting Ubuntu and Windows. In general, a Windows OS should be installed first, because its bootloader is very particular. A default Windows installation usually occupies the entire hard drive, so the main Windows partition needs to be shrunk, creating free space for the Ubuntu partitions. (You should clean up unnecessary files and defragment the drive before resizing.) See changing the Windows partition size.

After shrinking a Windows partition, you should reboot once into Windows prior to installing Ubuntu or further manipulating the partitions. This allows the Windows system to automatically rescan the newly-resized partition (using chkdsk in XP or other utilities in more recent versions of Windows) and write changes to its own bootup files. (If you forget to do this, you may later have to repair the Windows partition bootup files manually using the Windows Recovery Console.)

Newer installations of Windows use two primary partitions (a small Windows boot partition and a large Windows OS partition). An Ubuntu Linux installation also requires two partitions -- a linux-swap partition and the OS partition. The Linux partitions can either be two primary partitions or can be two logical partitions within an extended partition. Some computer retailers use all four partitions on a hard drive. Unless there are two free partitions available (either primary or logical) in which to install Ubuntu, however, it will appear as if there is no available free space. If only one partition on a hard drive can be made available, it must be used as an extended partition (in which multiple logical partitions can then be created). Partition management can be done using the GParted utility.

If there are only two existing primary partitions on a hard drive (and plenty of free space on it) then there will be no problem installing Ubuntu as the second operating system and it is done automatically from the Ubuntu LiveCD. Allow the Ubuntu LiveCD to install to "largest available free space." Alternatively, if there is an extended partition with plenty of free space within it, the Ubuntu LiveCD will install to this "largest available free space" as well.

The main Windows partition should be at least 20 Gb (recommended 30 Gb for Vista/Windows 7), and a Ubuntu partition at least 10 Gb (recommended 20 Gb). Obviously, if you have plenty of disk space, make the partition for whichever will be your favoured operating system larger. For a recommended partitioning scheme, see this section.

Conversely you can install a retail version of Windows (but not an OEM or recovery version) after Ubuntu by creating a primary NTFS partition using GParted. (You may have to use GPparted from a Live CD/USB). Once the primary NTFS partition is created you can boot your Windows CD/DVD and choose to install Windows to that NTFS partition. When installation is complete, reboot to insure Windows boots properly. Once that is ascertained, use the Ubuntu Live CD/USB to install GRUB back to the MBR. (This is necessary because Windows overwrites the MBR and designates its own bootloader as the master bootloader.) Once GRUB is installed you will be able to boot either OS.

Alternatives include:

  • Wubi (Windows-based Ubuntu Installer), an officially supported dual-boot installer that allows Ubuntu to be run mounted in a virtual-disk within the Windows environment (which can cause a slight degradation in performance). Because the installation requires an intact functioning Windows system, it is recommended to install Ubuntu in this manner for short-term evaluation purposes only. A permanent Ubuntu installation should be installed in its own partition, with its own filesystem, and should not rely on Windows.
  • EasyBCD, a free Windows-based program that allows you to dual-boot Windows 7/Vista and Ubuntu (as well as other operating systems) by configuring the Windows 7/Vista bootloader.

Installing multiple OS on a single computer

Warning: During installation, there is an advanced option (Ready to install -> Advanced) to install the GRUB2 bootloader into the same partition into which the (K)Ubuntu OS is installed but not to change the MBR (Master Boot Record). Pay careful attention during this step if your system uses a boot partition, uses multiple OS (more than 2), or chainloads bootloaders. For systems with such a boot partition, it is best not to overwrite the MBR.

  • Example, from the Desktop version GUI installer, a point in the installation will be reached:
Summary -> Advanced -> Device for boot loader installation: /dev/sda6

In this example, this setting will cause the GRUB2 bootloader to be installed into /dev/sda6 only (the partition into which the new (K)Ubuntu OS is being installed). The MBR (Master Boot Record) will not be changed. However, if the default setting of /dev/sda is allowed, then GRUB2 will not only be installed into partition dev/sda6 (into which the (K)Ubuntu OS is installed) but also the MBR (MasterBootRecord) will be changed so that the copy of GRUB2 stored there will be designated as the master bootloader for all Operating Systems on the entire computer. This may be undesirable if you wish to use bootloaders other than GRUB2.

If you want to install more than 2 operating systems on a single computer, check out these tips. Also see these tips regarding manipulating partitions.

Use Startup Manager to change Grub settings

Grub is a bootup utility that controls which OS to load by default and other bootup settings. You can change Grub settings from Startup Manager, a GUI that is able to manage settings for Grub (Grub Legacy), Grub 2, Usplash, and Splashy. Also see the Ubuntu Community help page for Startup Manager usage instructions. Install: 

sudo apt-get install startupmanager menu

Run:

Menu -> System -> Administration -> Startup Manager

Note: You can also edit the Grub settings manually from the command-line interface.

Dual-Booting Mac OS X and Ubuntu

Mac OS X has a similar structure to Linux (it is BSD Unix based). Dual-booting Mac OS X and Ubuntu detailed instructions can be found here.

Installing Mac OS X after Ubuntu

  • If you decide to dual boot with OS X, choose ext2 as your partition type during the Ubuntu installation. (For this the Super Grub Disk CD is a useful utility. You can download the Super Grub .iso image file at forjamari.linex.org and burn the image to a CD-ROM.)
  • Once you have installed Ubuntu, edit the Grub start-up list: 
sudo nano /boot/grub/menu.lst
and add the following lines: 
title Mac OS X
root (hd0,0)
makeactive
chainloader +1

Reboot your Mac and go to the terminal in Max OS X (if you have any issues booting, boot from your Mac OS X DVD). Press F8 and enter -s. Enter: 

fdisk -e /dev/rdisk0
flag 2 <--note that flag 2 is my Mac partition number two
quit
y
reboot
  • If are still unsure whether it is working correctly, use the Super Grub Disk CD and make grub active.

Installing Ubuntu after Mac OS X

  • If you get an error message during boot such as HFS+error in the bootloader, you can also use the Super Grub Disk for recovering Linux GRUB and the Windows MBR (Master Boot Record).
  • Once you have installed Ubuntu, edit the Grub start-up list: 
sudo nano /boot/grub/menu.lst
and add the following lines: 
title Mac OS X
root (hd0,0)
makeactive
chainloader +1
If you have issues with Mac OSX or Windows in GRUB, try changing the Mac OS X Grub entry
change root (hd0,0) to root (hd0,1)

This means you will boot into partition number 1. You can try any partition number until you get it right.

Upgrading from older versions

There are several methods for upgrades from the command-line interface (Konsole) (which can be used for both the desktop and server editions of Kubuntu/Ubuntu).

  • This is the preferred method: 
sudo apt-get install update-manager-core
sudo do-release-upgrade
  • You can also use the update-manager (all editions): 
sudo apt-get install update-manager
sudo update-manager -d
  • You can also use: 
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
(Note: the first two lines simply make sure your current distribution is current before upgrading the entire distribution, and are optional.

Always backup your system. Upgrades do not generally work for me, because I often make customizations to my older installations (to make my hardware work with them) but these customizations are often not required in the newest version. When the system then attempts to migrate my customizations (during an attempted upgrade), it often crashes my new system. (Fortunately, I always back up my important files, and reinstalling them on a fresh OS installation is therefore usually accomplished relatively quickly.) Here are some of the steps I have sometimes needed to take when performing upgrades.

  • In general, upgrades must be done serially from one version to the next in order.

Reinstalling applications after a fresh installation

If you upgrade your Ubuntu system with a fresh installation, it is possible to mark the packages and services installed on your old system (prior to the upgrade) and save the settings ("markings") into a file. Then install the new version of Ubuntu and allow the system to reinstall packages and services using the settings saved in the "markings" file. For instructions, see this Ubuntu forum thread. In brief:

  • On the old system:
Synaptic Package Manager -> File -> Save Markings
  • Save the markings file to an external medium, such as a USB drive.
  • Complete the backup of your system's other important files (e.g. the /home directory) before the installation of the new system.
  • In the freshly-installed new system:
Synaptic Package Manager -> File -> Read markings and load the file on your USB drive (or other external storage) previously saved.

Note: Many packages, dependencies, and compatibilities change between version of Ubuntu, so this method does not always work. Automated updates remains the recommended method.

  • Alternatively you can use this command-line method.
  • Prior to the clean installation. run: 
dpkg --get-selections > ~/my-packages
This creates a my-packages file in the ~ (home) directory which will contain a list of the packages installed on the old system. Copy this file to a safe place (as you will need it after the new installation).
  • Proceed with the clean installation. Enable the same repositories that were enabled in the old system.
  • Now copy the my-packages file to the ~ (/home) folder. Run: 
sudo dpkg --set-selections < my-packages && sudo apt-get dselect-upgrade
Any packages that you had installed (that are in the new repositories) will now be installed. Excluded will be any manually-installed packages (that are not in the new repositories) and any packages that were compiled from source.
  • Here are some of the steps I have sometimes needed to take when performing upgrades.

Add Extra Repositories

Software packages and programs are freely available for download at multiple online sites with standardized structures, called repositories. There are repositories officially sanctioned and monitored by the Kubuntu/Ubuntu developer community, while other repositories are independently provided, without official sanction or supervision (and should be used with caution). Additional information is available from the Ubuntu Repository Guide.

Types of Repositories

  • There are four major package repository types in Ubuntu:
  • main - Supported by Canonical. This is the major part of the distribution.
  • restricted - Software not licensed under the GPL (or similar software license), but supported by Canonical.
  • universe - Software licensed under the GPL (or similar license) and supported by users.
  • multiverse - Software not licensed under the GPL (or similar license), but supported by users.
  • There are also these additional types of repositories:
  • oneiric-updates - Updates to official packages.
  • oneiric-backports - Current version software from Precise Pangolin (Oneiric+1) that have been backported to Oneiric Ocelot.
  • oneiric-proposed - Proposed updates & changes (bleeding edge stuff).

Third party repositories

Software developers often maintain their own repositories, from which software packages can be downloaded and installed directly to your computer (if you add the repository to your list). Many of these third party repositories and software packages have never been reviewed by the (K)Ubuntu/Debian community and can present a security risk to your computer. Trojans, backdoors, and other malicious software can be present at any unregulated repository. When using repositories not endorsed by the (K)ubuntu/Debian community, make sure you have utter confidence in that site before enabling the repository and installing a software package from it.

PPA repositories

A Personal Package Archive (PPA) is a special software repository used for experimental source packages still under development. Such software has not been approved by the Debian or Ubuntu developers (but may eventually become an accepted package). Use this software at your own risk just like any other third party repository software.

Documentation about how to install software from this type of repository can be found at the PPA Installing Software Guide.

In brief, to add a repository: 

sudo add-apt-repository ppa:user/ppa-name

Note: If add-apt-repository is not available on your system, then install it with the package: 

sudo apt-get install python-software-properties

Add Repositories using Synaptic Package Manager

This is the preferred method.

  • Menu -> System -> Administration -> Synaptic Package Manager -> Settings -> Repositories.
  • Here you can enable the repositories for Ubuntu Software and Third Party Software.
  • For Third Party Software select Add -> enter the repository's address. It will have a format similar to: 
deb http://archive.ubuntu.com/ubuntu/ oneiric main restricted
deb-src http://archive.ubuntu.com/ubuntu/ oneiric main restricted
  • Example: To add the Medibuntu repository, Add: 
deb http://packages.medibuntu.org/ oneiric free non-free
  • Download the repository key to a folder.
  • Example: The Medibuntu key can be downloaded from
http://packages.medibuntu.org/medibuntu-key.gpg
  • Then add the key from:
Menu -> System -> Administration -> Synaptic Manager -> Settings -> Repositories -> Authentication -> Import Key File...
  • (Alternatively, you can manually add the key from the command line Terminal. See Add Repository keys.)
  • Refresh the package list from the new repository:
Synaptic -> Reload

Manually add repositories

  • Adding a repository (such as a Launchpad ppa repository) can be accomplished from the command-line interface: 
sudo apt-add-repository ppa:user/repository

where ppa:user/repository is an example of the repository you wish to add.

  • To remove a repository: 
sudo apt-add-repository -r ppa:user/repository
  • Refresh the packages list from the new repositories: 
sudo apt-get update

Edit the repository sources list

  • This is an optional, labor intensive method. Do this at your own risk. Modify the default Ubuntu sources.list only if you understand what you're doing. Mixing repositories can break your system. For more information see the Ubuntu Command-line Repository guide.
  • Create a backup of your current list of sources. 
sudo cp -i /etc/apt/sources.list /etc/apt/sources.list_backup

Note: sudo - runs the command with root privileges. cp = copy. -i = prompt to overwrite if a file already exists.

  • Edit the list of sources: 
sudo nano /etc/apt/sources.list
or using a graphical editor: 
gksudo gedit /etc/apt/sources.list
  • Note: To use your local mirror you can add "xx." before archive.ubuntu.com, where xx = your country code.
Example: deb http://gb.archive.ubuntu.com/ubuntu licid main restricted universe multiverse indicates a repository for Great Britain (gb).
  • Here is a sample sources.list. At the end have been added repositories for Medibuntu and Google: 
#deb cdrom:[Ubuntu 11.10 _Oneiric Ocelot_ - Release i386]/ oneiric main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

deb http://gb.archive.ubuntu.com/ubuntu/ oneiric main restricted
deb-src http://gb.archive.ubuntu.com/ubuntu/ oneiric main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://gb.archive.ubuntu.com/ubuntu/ oneiric-updates main restricted
deb-src http://gb.archive.ubuntu.com/ubuntu/ oneiric-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://gb.archive.ubuntu.com/ubuntu/ oneiric universe
deb-src http://gb.archive.ubuntu.com/ubuntu/ oneiric universe
deb http://gb.archive.ubuntu.com/ubuntu/ oneiric-updates universe
deb-src http://gb.archive.ubuntu.com/ubuntu/ oneiric-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
## team, and may not be under a free licence. Please satisfy yourself as to 
## your rights to use the software. Also, please note that software in 
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://gb.archive.ubuntu.com/ubuntu/ oneiric multiverse
deb-src http://gb.archive.ubuntu.com/ubuntu/ oneiric multiverse
deb http://gb.archive.ubuntu.com/ubuntu/ oneiric-updates multiverse
deb-src http://gb.archive.ubuntu.com/ubuntu/ oneiric-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://gb.archive.ubuntu.com/ubuntu/ oneiric-backports main restricted universe multiverse
deb-src http://gb.archive.ubuntu.com/ubuntu/ oneiric-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository. This software is not part of Ubuntu, but is
## offered by Canonical and the respective vendors as a service to Ubuntu
## users.
deb http://archive.canonical.com/ubuntu oneiric partner
deb-src http://archive.canonical.com/ubuntu oneiric partner

deb http://security.ubuntu.com/ubuntu oneiric-security main restricted
deb-src http://security.ubuntu.com/ubuntu oneiric-security main restricted
deb http://security.ubuntu.com/ubuntu oneiric-security universe
deb-src http://security.ubuntu.com/ubuntu oneiric-security universe
deb http://security.ubuntu.com/ubuntu oneiric-security multiverse
deb-src http://security.ubuntu.com/ubuntu oneiric-security multiverse

## Medibuntu - Ubuntu 11.10 "Oneiric Ocelot"
## Please report any bug on https://bugs.launchpad.net/medibuntu/
deb http://packages.medibuntu.org/ oneiric free non-free
deb-src http://packages.medibuntu.org/ oneiric free non-free

# Google software repository
deb http://dl.google.com/linux/deb/ stable non-free
  • Refresh the packages list from the new repositories: 
sudo apt-get update

Add repository keys

  • Download the gpg keys for the repositories and automatically add them to your repository keyring:
  • Example: To obtain and add the Medibuntu repository key: 
wget --quiet http://packages.medibuntu.org/medibuntu-key.gpg -O - | sudo apt-key add -
  • Example: To obtain and add the Google repository key: 
wget --quiet http://dl.google.com/linux/linux_signing_key.pub -O - | sudo apt-key add -

Note: wget - retrieves a file from a network location. --quiet = no output. -O = Output downloaded item to terminal. The | (pipe symbol) is used to capture the output from the previous command (in our case the screen) and use it as an input for the piped command (i.e. apt-key, which adds it to the keyring).

  • Alternatively (and perhaps more easily), you can use apt-key directly: 
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys KEY
where KEY is the missing key code printed in apt-get output, e.g. EF4186FE247510BE.
Note: Key servers often use port 11371. Make sure your firewall allows port 11371 to be open.

Package Installation and Updates

Apt and Package Basics

Most new users will use the Synaptic Package Manager to install packages. These instructions are for installing packages from the command-line Terminal. Terminal can be started:

Menu -> Applications -> Accessories -> Terminal
  • Install packages: 
sudo apt-get install packagename
  • Example: 
sudo apt-get install mpd sbackup
  • Remove packages: 
sudo apt-get remove packagename
  • To remove all dependencies: 
sudo apt-get autoremove
  • Example: 
sudo apt-get remove mpd sbackup
  • Search for packages: 
apt-cache search <keywords>
  • Examples: 
apt-cache search Music MP3
apt-cache search "Text Editor"

sudo apt-get update
  • Upgrade packages: 
sudo apt-get upgrade
  • Upgrade the entire distribution (e.g. from Maverick to Natty): 
sudo apt-get dist-upgrade

Installing .deb packages

Debian (.deb) packages are the packages that are used in Ubuntu. You can install any .deb package in your system. .deb files can generally be installed from your file manager (Nautilus) merely by clicking on them, since file associations with the default installer is already set in Ubuntu. These instructions are for those who wish to install packages from the command-line terminal (Terminal).

  • Install a downloaded Debian (Ubuntu) package (.deb): 
sudo dpkg -i packagename.deb
  • Remove a Debian (Ubuntu) package (.deb): 
sudo dpkg -r packagename
  • Reconfigure/Repair an installed Debian (Ubuntu) package (.deb): 
sudo dpkg-reconfigure packagename
*Example: 
sudo dpkg-reconfigure mpd

Handling (Tar/GZip) and (Tar/Bzip2) archives

(Tar/GZip) archives end in ".tar.gz" and (Tar/Bzip2) archives end in ".tar.bz2". Bzip2 is the newer, more efficient compression method. These files can generally be automatically extracted by merely clicking on them from your file manager (Nautilus), since file associations with the appropriate archival utilities are set by default in Ubuntu. These instructions are for those who wish to use the command line Terminal.

  • To extract: 
tar xvf packagename.tar.gz

Note: tar is an application which can extract files from an archive, decompressing if necessary.

-x means extract.
-v means verbose (list what it is extracting).
-f specifies the file to use.
  • Decompressing ".gz" files 
gunzip file.gz
  • Decompressing ".bz2" files 
bunzip2 file.bz2
Note: You can also decompress a package first by using the command gunzip (for .gz) or bunzip2 (for .bz2), leaving the .tar file. You would then use tar to extract it.
  • To create a .gz archive: 
tar cvfz packagename.tar.gz folder
  • To create a .bz2 archive: 
tar cvfj packagename.tar.bz2 folder

Installing a package from source

  • Make sure you have all the necessary development tools (i.e. libraries, compilers, headers): 
sudo apt-get install build-essential linux-headers-$(uname -r)
Note: "uname -r" lists the current kernel you are using
  • Extract the archive that contains the source files: 
tar xvf sourcefilesarchive.tar.gz
  • Build the package using the package's script (in this case the configure script), compile the package (make), and install the compiled package into your system (make install): 
cd /path/to/extracted/sourcefiles
./configure
sudo make
sudo make install
Note: typing ./ before a filename in the current folder allows the Linux shell to try and execute the file as an application even if it is not in the path (the set of folders which it searches when you type a command name). If you get a "permission denied" error, the file is not marked as being executable. To fix this: 
sudo chmod +x filename
Example: In the above instructions, configure is the shell script to build the package from source. To be sure the configure script is executable: 
sudo chmod +x configure
Create a .deb package from source files

If your build from source is successful, you can make a Debian (Ubuntu) package (.deb) for future use:

  • Install package tools: 
sudo apt-get install checkinstall
  • Rebuild package using "checkinstall": 
cd /path/to/extracted/package
./configure
sudo make
sudo checkinstall
  • Keep the resulting ".deb" file for future use. It can later be installed using: 
sudo dpkg -i packagename.deb

Note: These are basic instructions that may not always work. Some packages require additional dependencies and optional parameters to be specified in order to build them successfully. Also see these Ubuntu wiki instructions. More info about .deb package structure can be found here.

Aptitude

Aptitude is a terminal-based package manager that can be used instead of apt-get. Aptitude marks packages that are automatically installed and removes them when no packages depend on them. This makes it easy to remove applications completely. To use Aptitude, replace apt-get with aptitude in the command line. Example: 

sudo aptitude install packagename
sudo aptitude remove packagename
sudo aptitude update
sudo aptitude upgrade

For an ncurses-based graphical user interface, type 

sudo aptitude

For more information, see the aptitude documentation.

Synaptic Package Manager

While "apt-get" and "aptitude" are fast ways of installing programs/packages, you can also use the Synaptic Package Manager (Menu -> System -> Administration -> Synaptic Manager), a GUI method for installing programs/packages. Most (but not all) programs/packages available with apt-get install will also be available from the Synaptic Package Manager. This is the preferred method for most desktop users. In this guide, when you see 

sudo apt-get install package

you can simply search for package in Synaptic and install it that way.

Menu -> System -> Administration -> Synaptic Package Manager
  • Search for the name of the program/package. You can also search for a word in its description.

-> Mark for Installation -> Apply

  • The selected program(s) will be automatically installed, along with its dependencies.

Ubuntu Software Center (Add/Remove Programs)

Not all packages available from apt-get, aptitude, and Synaptic Package Manager are available in the Ubuntu Software Center. However, it is the easiest interface for new users of Ubuntu and directs them to preferred packages.

Menu -> Applications -> Ubuntu Software Center
  • Search for the sort of program you want to add. Example: type MP3 to see a list of mp3 software.

-> Mark for Installation -> Apply

  • The selected program(s) will be automatically installed.

Manual Updates

  • Manually, from Terminal (command line interface): 
sudo apt-get update
sudo apt-get upgrade
or
  • Use Synaptic Package Manager:
Menu -> System -> Administration -> Synaptic Package Manager -> "Reload" then "Mark all upgrades"
If there are packages available for updating, you will be prompted whether to install them.

Automated Updates

  • Use Synaptic Package Manager:
Menu -> System -> Administration -> Synaptic Manager -> Settings -> Preferences -> General -> Reloading Outdated Package Information -> Automatic

Repair broken packages

If a package installation fails (which can cause a Package Manager to freeze or become locked), or if a package has unsatisfied dependencies causing a similar condition, then run one (or both) of the following commands from the command-line terminal: 

sudo apt-get install -f
sudo dpkg --configure -a

Desktop Add-ons

There are many add-on icons, themes, wallpapers, 3-D effects, and other customizations available for the GNOME desktop.

Gnome Eye-Candy Resources

  • Gnome Look has wallpapers, splash screens, icons, and themes for windows managers (including Metacity and Compiz) and other applications.

Ubuntu Wallpaper

Change Plymouth Splash Screen

This is the initial splash screen you see at bootup. Different Plymouth themes can be found by searching for plymouth-theme in a Package Manager. Install a new one and then: 

sudo update-alternatives --config default.plymouth
sudo update-initramfs -u
and manually select the theme you wish to use.

Plymouth does not reliably work with nVidia drivers and during bootup a blank screen may result for several seconds.

Metacity

Metacity is the default desktop compositing manager in Gnome. It is lightweight, streamlined and does not have many configurable options, but has multiple themes available at Gnome Look.

Compiz Fusion

Compiz Fusion is available as a separate Windows Manager, to allow advanced desktop effects such as the rotating cube desktop. Many Ubuntu users choose to run Compiz, which is quite fast in Ubuntu. Install: 

sudo apt-get install compiz compizconfig-settings-manager compiz-fusion-plugins-main compiz-fusion-plugins-extra emerald librsvg2-common

To change to Compiz as the Window Manager:

  • Select Compiz Configuration:
Menu -> System -> Preferences -> CompizConfig Settings Manager
Note: You must logout and log back in for the change to take effect.

Fusion Icon

Fusion Icon is a tray icon that allows you to easily switch between window managers, window decorators, and gives you quick access to the Compiz Settings Manager. This allows quick toggling of 3-D desktop effects (that may not be compatible with some applications). 

sudo apt-get install fusion-icon
Menu -> Applications -> System Tools -> Compiz Fusion Icon

You can then easily access CompizConfig Settings Manager from the icon.

Rotate the Compiz Cube

Set the CompizConfig Settings Manager to enable the "Desktop Cube" and "Rotate Cube" and "Viewport Switcher" options. Click on the icon for each to customize settings. For example, to change the appearance of the cube, click on the Desktop Cube icon to access its settings. You can set the hotkey buttons for rotating the cube in the "Viewport Switcher" settings. Otherwise, hold down the Ctrl+Alt+Left mouse button and drag the mouse (or touchpad) the direction you want to rotate the cube.

Remember, the cube rotates between desktops. It's not a cube unless you have at least 4 desktops running. You will not get a cube if you are only using 2 desktops (you will get a "plate"). You can still rotate the sides of the plate, of course, but it will not be a cube. (Recent users from the Windows OS may have no experience with the concept of simultaneous desktops, but they are nice once you learn how to use them).

When running Compiz fusion as the Windows Manager, you must change the default number of desktops from within CompizConfig Settings Manger. To enable 4 desktops:

CompizConfig Settings Manager -> General -> General Options -> Desktop Size -> Horizontal Virtual Size -> 4

When you start an application, you can assign it to any one of the 4 desktops by right-clicking the upper left corner of the application window and choosing the "To Desktop..." option. Rotating the cube shows the different desktops. You can also go to a desktop using the taskbar icon which shows the 4 desktops.

Emerald

Emerald is the theme engine for Compiz Fusion. Multiple themes are available. (These themes originated from the Beryl project before it merged with Compiz to form Compiz Fusion.) The Emerald Theme Manager for Compiz Fusion can be installed: 

sudo apt-get install emerald

Google Desktop

Google Desktop for Linux was a proprietary suite of Google widgets and applications. It was discontinued in September 2011.

gDesklets

gDesklets are similar to Windows widgets and Google gadgets and provide information such as weather, system resources, and news primarily for the Gnome desktop (i.e. Ubuntu Maverick and older). Install: 

sudo apt-get install gdesklets

Dock applications

Avant Window Manager, Cairo Dock, gnome-do and Wbar are dock-like applications for Ubuntu Linux. A dock represents running programs as icons at the bottom of the screen (as is done on the Mac OS X desktop), instead of by toolbar panel segments (as is done in Windows and other Linux window managers). See this brief comparison of dock applications.

Avant Window Navigator

  • Avant Window Navigator requires that a desktop composition manager (such as Metacity, Compiz, Xcompmgr, KDE4 (Kubuntu), or xfwm4 (Xubuntu)) be installed and running.
  • Install and upgrade proprietary nVidia or ATI graphics drivers so that the compositing manager functions properly.
  • Install AWN: 
sudo apt-get install avant-window-navigator awn-manager
(Note: If you are using Gnome (Ubuntu) and do not already have a compositing manager installed (such as Compiz), Metacity will be installed as part of the installation.)
  • Enable automatic startup of AWN at bootup:
  • Menu -> System -> Preferences -> Startup Applications -> Add... 
avant-window-navigator
  • Select which applets should run from the dock menu by default:
  • Menu -> Applications -> Accessories -> Avant Window Navigator Manager
You can drag application icons onto the list, then activate or deactivate the applets from the list.

Cairo Dock

Cairo Dock can be used either with a desktop compositing manager (such as Metacity for Gnome, Compiz, or the KDE4 Window Manager) or without one. See the Ubuntu installation instructions for details. It is available from the repositories: 

sudo apt-get install cairo-dock cairo-dock-plug-ins

Gnome Do

Gnome Do is a docking utility for Gnome. Install: 

sudo apt-get install gnome-do
  • From the preferences pane of gnome-do select the Docky look and feel to get the dock (rather than the default Quicksilver-like) look and feel.

wbar

wbar is a quick-launch bar (not a dock) that has an appearance similar to Avant Window Manager and Cairo Dock. It is GTK (Gnome) based but can work in all desktop environments. It does not require a compositing manager to be installed and is therefore quicker and more suitable for low-end hardware systems. It is the default in the Google gOS desktop and is available as a .deb package from Google. Download and install (from the command-line Terminal): 

wget http://wbar.googlecode.com/files/wbar_1.3.3_i386.deb 
sudo dpkg -i wbar_1.3.3_i386.deb
  • Start wbar with custom start options (e.g. by pressing alt+F2). Here is an example: 
wbar -isize 48 -j 1 -p bottom -balfa 40 -bpress -nanim 3 -z 2.5 -above-desk
Here is another example: 
wbar -above-desk -pos bottom -isize 60 -nanim 1 -bpress -jumpf 0.0 -zoomf 1.5

For a full list of command-line startup options, see: 

wbar --help

Tip: If you want the "wave" effect just increase the -nanim value. I like the icons to just pop up so I don't use it, but with 9 icons 5 there is a nice "wave" effect.

Obviously, you could create a menu item with the command line options (similar to the examples above), or a batch file that can be automatically started at system startup (as a cron event or startup session).

You can also change wbar startup options by editing the configuration file: 

sudo gedit /usr/share/wbar/dot.wbar

See this example configuration file. However, not all options are able to be set from the configuration file and must be run from the command line. For more info see this wbar guide.

wbarconf

A simple wbar configuration utility can be downloaded as a .deb package and installed: 

wget http://koti.kapsi.fi/~ighea/wbarconf/wbarconf_0.7.2-1_i386.deb
sudo dpkg -i wbarconf_0.7.2-1_i386.deb

Virtualization

Virtualization allows a second operating system (OS), such as Windows or OS X, to be run from within (K)Ubuntu. This requires extra RAM (because both (K)Ubuntu and the virtualized second OS require separate amounts of RAM) and a license for the second OS. If you wish to run a virtualized instance of Windows XP, for instance, you must have a license for Windows XP.

VirtualBox

VirtualBox is a fast and complete virtualization solution owned and maintained by Sun Microsystems. There is a free and fully open-source edition available under the GNU GPL license.

  • Install the open-source edition: 
sudo apt-get install virtualbox-ose virtualbox-ose-source virtualbox-guest-additions
  • You can also add the QT-version (if using KDE/Kubuntu, for example): 
 sudo apt-get install virtualbox-ose-qt
  • Start VirtualBox:
Menu -> VirtualBox OSE PC virtualization solution

For usage instructions, see the End-user documentation. For information on installing Virtualbox in Windows so that Ubuntu can then be installed within in a virtual machine running in Windows, see this page.

Proprietary versions of VirtualBox

A few additional features that are not yet in the OSE version, such as a USB device interface, are available in the proprietary version of VirtualBox. To install a proprietary edition of VirtualBox:

  • Add the security key: 
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

echo "deb http://download.virtualbox.org/virtualbox/debian maverick non-free" | sudo tee /etc/apt/sources.list.d/virtualbox.list
sudo apt-get update
  • Install: 
sudo apt-get install virtualbox

VMWare

VMWare is a commercial virtualization platform that currently offers two free products: VMWare Player and VMWare Server (the latter with a free renewable yearly license). VMWare Player can play virtual appliances that have already been created, whereas VMWare Server (which has a broader range of features) allows the creation of virtual machines. In general, VMWare Server is recommended unless you only need to play an appliance. (Appliances will also run in VMWare Server). Users that wish to run servers (or processes) that need to be available to a network from within the virtual machine should use VMServer. If you wish to install a new OS within a virtual machine (other than in an appliance), you will need VMWare Server.

VMWare Player

Installation instructions are on the website, or at the Ubuntu community wiki. In brief, to install the free VMWare Player:

  • Install pre-requisites: 
sudo apt-get install build-essential linux-headers-$(uname -r)
  • Get the binary package/installation script, give it executable privileges, then run the installation script: 
wget http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle
chmod +x VMware-Player-2.5.3-185404.i386.bundle
sudo ./VMware-Player-2.5.3-185404.i386.bundle
  • Run:
Menu -> Applications -> System Tools -> VMWare Player

Create an Ubuntu Appliance

While any edition of Ubuntu can be installed in a virtual machine, the minimal installation option (F4) of the Ubuntu Server creates a highly-efficient edition (previously known as JeOS) optimised for use within a virtual appliance (which can then be played using VMWare Player or other virtual machine client). See this walkthrough.

A virtual appliance for VMWare Player (using this JeOS minimal server) can also be built using vmbuilder.

VMWare Server

  • Install pre-requisites: 
sudo apt-get install build-essential linux-headers-$(uname -r)
  • Download the server source files for your architecture (32-bit or 64-bit) from the VMWare Server website and retrieve your license key by email.
  • Extract the files, give execution privileges to the install script, and run the install script: 
tar xvf VMware-server-2.0.1-156745.i386.tar.gz
cd vmware-server-distrib
chmod +x vmware-install.pl
sudo ./vmware-install.pl
VMWare Package

VMWare Appliances (that include an Ubuntu/Debian OS) can be created using VMWare Server and the VMWare Package utility. These appliances can then be deployed to users who can play them using VMWare Player. Install: 

sudo apt-get install vmware-package

Keyboard errors in VMware guest

After installing VMWare 6.5, and installing a guest OS, the Function, arrow and Del/End/etc keys do not function. This is a bug with VMWare´s code. Add this line to ~/.vmware/config (create file if necessary) to fix this issue: 

xkeymap.nokeycodeMap = true

KVM

KVM is the free open source virtualization solution implemented as a Linux kernel module (in the recent kernels) for computers whose processors contain virtualization extensions (Intel VT or AMD-V). See the Ubuntu installation instructions. Install: 

sudo apt-get install kvm

Qemu (without KVM)

If your computer does not have the virtualization extensions, you can still run the QEMU virtualization platform. See this Ubuntu community documentation. It can be installed from source code.

Xen

Xen is an efficient open-source virtualization ("hypervisor") platform (which includes a merge with QEMU). It is the basis for the Amazon EC2 Cloud and is generally intended for use on a server (or on "baremetal" systems, i.e. no OS yet installed). It is free open source under a GPL license. The latest desktop (and installation instructions) is available from the website. (A commercial version is also offered by Citrix.) Implementation in Ubuntu requires some modification, currently. For more info, see the Ubuntu community documentation. Install: 

sudo apt-get install xen-hypervisor xen-docs convirt

A Xen virtual machine host can also be installed automatically with certain 64-bit CPUs, using the 64-bit Ubuntu Server LiveCD. (A (K)Ubuntu desktop can then later be added -- see Ubuntu server).

Virtual Machine Manager

Virtual Machine Manager is an application to allow viewing of all instances of virtual machines on your system. It includes a secure implementation of VNC. This and other virtual management tools are available as an integrated package in (K)Ubuntu. Install: 

sudo apt-get install ubuntu-virt-mgmt

Crossover for Linux

Codeweavers' Crossover Office for Linux is a subscription-based commercial package that allows many Windows programs to be run on Ubuntu without the need for a Microsoft OS license or a complete virtualization system. See the website for more info. Codeweavers releases older versions of this product into the free package Wine.

Wine

Wine is a free open-source package that is similar to (and implements many elements of) CrossOver for Linux. Like CrossOver for Linux, no Microsoft license or virtualization platform is required to run Windows programs. See these instructions for installing the latest version of Wine. 

sudo apt-get install wine

Also consider installing Microsoft's TrueType fonts: 

sudo apt-get install msttcorefonts

PlayOnLinux

PlayOnLinux is a Wine frontend which simplifies the installation and launch of many Windows programs, particularly games. Install: 

sudo apt-get install playonlinux
Internet Explorer 7

Internet Explorer 7 can be installed with PlayOnLinux. Select "Internet Explorer 7" from the "Internet" section of PlayonLinux.

Internet Explorer 6 & 7

Internet Explorer 6 & 7 can function under Wine, albeit imperfectly. For most purposes, Firefox can be used (with the User Agent Switcher plugin) to mimic Internet Explorer.

  • Make sure you have Wine and cabextract packages: 
sudo apt-get install wine cabextract

wget http://winetricks.org/winetricks
sudo chmod +x winetricks
  • Install with winetricks: 
sh winetricks ie6
sh winetricks ie7

Note: Winetricks is automatically installed with the current version of Wine.

Transgaming Cedega

Cedega is a commercial application (similar to CrossOver Office and Wine), for installing and running some Windows applications, specifically games, without the need for virtualization or a Microsoft license. It provides 3D support, software acceleration support, and a high level of DirectX support. Installation instructions are found on the website.

Mono

Mono is a free open source project sponsored by Novell to allow .NET programs to function in Linux ((K)Ubuntu) and Mac OS X. . Several GNOME applications (like Tomboy, F-Spot, and Banshee) require mono to be installed, so mono may already be installed by default on your system. The most recent version is available here. 

sudo apt-get install mono-2.0-devel

Moonlight

Java

  • Install Java: 
sudo apt-get install default-jre

DosBox

DOSBox is a DOS-emulator that emulates CPU:286/386 realmode/protected mode, Directory FileSystem/XMS/EMS, Tandy/Hercules/CGA/EGA/VGA/VESA graphics, and a SoundBlaster/Gravis Ultra Sound card (for sound compatibility with older games). You can "re-live" classic games that otherwise won't run on newer computers. 

sudo apt-get install dosbox

ScummVM

ScummVM allows certain classic graphical point-and-click adventure games to run (provided you already have their data files). ScummVM replaces the executables shipped with the games, allowing play on Linux operating systems (for which they were not originally designed). 

sudo apt-get install scummvm

Edutainment Applications

There are many superb applications that can be installed with a single click.

Menu -> Applications -> Ubuntu Software Center-> Education

Below are a few examples that can be installed from this menu:

  • Celestia -- a free planetarium and space simulator for the desktop

Stellarium -- an astounding planetarium for the desktop

  • K3DSurf -- a program for modeling 3,4,5, and 6 dimensional models.
  • Bibletime-- a Bible study tool using the QT platform
  • Zekr -- an Islamic Quran study tool (available in Utilities)
  • Oregano -- a program for electrical engineering schematics
  • RlPlot -- a high quality graph generator
  • Mnemosyne -- a flash-card tool
  • Gramps -- map your family-tree and co-operate with genealogy projects

Games

There are some phenomenal games for (K)Ubuntu Linux.

There are hundreds of free, open-source games available in (K)Ubuntu. Most (including the KDE Games collection and the Gnome Games collection) can be accessed through the Games section of your Package Manager.

Examples are:

  • PouetChess -- an excellent 3-D chess game (sudo apt-get install pouetchess)
  • PokerTH -- a very nice Texas Hold 'Em Poker (install using PPA repository)
  • Kajongg -- a real MahJongg game, for humans and/or robots (sudo apt-get install kajongg)
  • Planet Penguin Racer -- Penguin slides down a 3-D luge run, catching fish. (Extreme Tux Racer is a newer version, but works in 32-bit only.)
  • KsirK -- play Risk against the computer or in a multiplayer environment (sudo apt-get install kdegames)
  • Racer -- the 3-D "real deal" Car Racing game (install binary found here). Also with extra tracks and add-ons.
  • TORCS -- the 3-D Car Racing game (sudo apt-get install torcs)
  • Supertuxkart -- the go-kart racing game (sudo apt-get install supertuxkart)
  • Pingus -- a Lemmings clone (similar to Super Mario Bros.) that uses penguins instead of lemmings (sudo apt-get install pingus)
  • Frozen Bubble -- the bubble-popping game (sudo apt-get install frozen-bubble)
  • Frets on Fire -- similar to Guitar Hero. You can import songs from Guitar Hero and from community sites (sudo apt-get install fretsonfire)
  • Scorched3d -- turn-based artillery game in a 3D rendered landscape (sudo apt-get install scorched3d)
  • Pyscrabble (and pyscrabble-server) -- online Scrabble game and server (sudo apt-get install pyscrabble pyscrabble-server) (Also see Lexulous and the Internet Scrabble Club for browser-based online games similar to Scrabble. Internet Scrabble Club requires Java: sudo apt-get install default-jre . It also requires firewall port 1325 to be open inbound/outbound.)

Wing Commander Privateer

The Linux version of this free version of Wing Commander can be downloaded as a binary here.

Vdrift

Vdrift is a free open source 3-D racing game, similar to Need for Speed, with realistic physics, multiple drift tracks, and multiplayer games. Support for joysticks, mice and keyboard is included. A binary package for Linux is available from the website.

Action

Incredible action games (including those from the Top 25) are available in Ubuntu. Many can be installed using:

Menu -> Applications -> Ubuntu Software Center -> Games

Examples are:

  • Alien Arena -- a multi-player first person shooter action game with free servers. (Package: alien-arena) (Server: alien-arena-server)
  • OpenArena -- an open-source multi-player first person shooter action game, with free servers. (Package: openarena) (Server: openarena-server)
  • Tremulous -- a Halo-like multiplayer first person shooter action game. The repositories have the current version. (Package: tremulous) (Server: tremulous-server)
  • Sauerbraten - a multiplayer graphics-rich first person shooter game evolved from Cube. (Package: sauerbraten) (Server: sauerbraten-server)
  • Nexuiz -- an open-source multi-player first person shooter game with free servers and tournaments. (Package: nexuiz) (Server: nexuiz-server) A 35 map add-on community pack is also available here. To install it, extract the map pack to /home/username/.nexuiz/data (or ~/.nexuiz/data ).

Note: Many of these games require advanced graphics. Make sure you have the necessary hardware drivers activated.

UrbanTerror

UrbanTerror is a multiplayer first person shooter action game (with an integrated server). It uses the open-source quake 3 engine and features many real weapons and free-to-use servers for multi-player functionality. "Not recommended for adolescents in Germany." Download and install the binary using these instructions.

Doom

Skulltag, ZDoom, and PrBoom (Freedoom) are versions of Doom2. For Doom3, see Doom3 on Ubuntu.

Skulltag

Skulltag is an updated version of ZDoom that includes network play. See the website for simple (K)Ubuntu installation instructions. (You can use the Freedoom Iwad (see below) if you don't have an original Doom2.wad.) Note: Most of the modules require dependencies from the Universe repositories. Make sure you have the Universe repositories enabled (Synaptic Package Manager -> Settings -> Repositories -> Edit Software Sources -> Community-maintained Open Source software (universe) -> (ticked)).

  • Install prerequisites: 
sudo apt-get install timidity timidity-interfaces-extra
  • Then add the skulltag repositories, update, and install Skulltag and DoomSeeker (the Skulltag online server utility): 
echo "deb http://skulltag.net/download/files/release/deb/ jaunty multiverse" | sudo tee /etc/apt/sources.list.d/skulltag.list
sudo apt-get update
sudo apt-get install skulltag doomseeker-skulltag
  • If you don't have a doom2.wad, tnt.wad, or plutonia.wad already, you can copy the freedoom.wad to your ~/.skulltag folder: 
cd ~/.skulltag
wget http://mirror.cinquix.com/pub/savannah/freedoom/freedoom-iwad/freedoom-iwad-0.6.4.zip
unzip freedoom-iwad-0.6.4.zip
cp freedoom*/doom2.wad .
rm freedoom-iwad-0.6.4.zip
  • If you need more help (regarding the Skulltag-server, firewalls, and port forwarding with Skulltag, for example), see these additional tips.
  • Skulltag runs on any platform, with any graphics, and on almost any computer. There are thousands of add-ons, maps, and gameplay modes, giving a nearly endless variety of gameplay. The interface makes obtaining and playing the modifications very easy. This is my favorite game of all time (and I have been playing it for years).

PrBoom

PrBoom is a free open source port of the original first person shooter action game, Doom2. It does not have the advanced options of ZDoom. Freedoom is a free Iwad (set of maps) to replace the original Doom2.wad. 

sudo apt-get install prboom freedoom timidity timidity-interfaces-extra

There are thousands of extra maps (Wads) available for this game. It is easiest to keep a directory for your wads in your home directory: 

mkdir /home/user/wads
or alternatively, use the /usr/share/games/doom folder, giving universal privileges to the folder: 
chmod -R 777 /usr/share/games/doom

Place your doom2.wad, tnt.wad, or plutonia.wad (from your original game) into this folder. If you don't have one, you can copy the Freedom version of doom2.wad from /usr/share/games/freedoom into this folder. Place any new .wad's you have downloaded from the Internet into this folder as well. Then run the game using both the original iwad map as well as your new .wad map (you will only see the new map). 

prboom -iwad /home/user/wads/doom2.wad -file /home/user/wads/new_wad.wad

Note: Only doom2.wad, tnt.wad, or plutonia.wad can be used as an iwad. You must have one of these in addition to any new wad you wish to use. When in doubt, use doom2.wad.

Note: this game can also be installed using Menu -> Applications -> Ubuntu Software Center -> Games as Freedoom, but you must also install timidity and timidity-interfaces-extra.

MMORPG

Spring

The Spring Project is a scripting engine platform to develop and play free multiplayer games such as Star Wars Imperial Winter and Complete Annihilation. Install: 

sudo apt-get install spring

Regnum Online

Regnum Online MMPORG -- see basic installation instructions and the help forum as needed.

PlaneShift

PlaneShift is a free full-immersion online fantasy game (MMPORG). Client downloads and patches are available here.

  • Make the downloaded binary installation file executable: 
cd /directory_where_downloaded
chmod +x PlaneShift-v0.5.4-x64.bin
  • Run the executable binary as root (this must be done from the command line Terminal): 
sudo ./PlaneShift-v0.5.4-x64.bin
  • Follow the instructions for installation. When prompted whether to manually set permissions, answer "no."
  • During installation, most users have recommended installing this game to your /home directory as a single user installation, instead of to /opt for all users. This avoids permissions problems. I was able to install to /opt, but it takes some effort.
  • Make sure your user belongs to the games group:
Menu -> System -> Administration -> Users and Groups -> user -> Manage Groups -> games -> Properties -> Group Members -> user (ticked) -> OK
Menu -> Applications -> Lost & Found -> Client and Setup

To run it from the menu, I had to edit the menu entries by checking the box: "Run in terminal." Alternatively, run it from the command-line Terminal: 

sudo /opt/PlaneShift/pssetup
sudo /opt/PlaneShift/psclient

Notes: This game ran very slowly for me on a 32-bit installation with a DSL connection and I gave up. The 64-bit installation worked better.

Dolphin (Wii emulator)

The Dolphin emulator is an open-source cross-platform Wii emulator that allows many Wii game disks to be run on many operating systems. (Whether the Wii Netflix disk will run under the Dolphin emulator has not yet been established.) (The Dolphin-emulator has no relationship to the KDE Dolphin file manager). Installation instructions are here.

Internet Applications

Internet applications enable you to make full use of your Internet connection. Web browsers, Email clients, Instant Messengers, and more are included in this category.

Web Browsers

Mozilla Firefox

Mozilla Firefox is the ubiquitous web browser. Based on open source components, it is trademarked and cannot be altered or re-distributed with any change that involves the name or trademarks. Install the current version: 

sudo apt-get install firefox

Firefox Plug-ins

Adblock Plus plug-in (block ads in a web page)

Adblock Plus blocks ads that appear in web pages. It is an important tool to limit tracking and undesirable website elements, as well. You can subscribe to a free filter service, and can add to the block list individual ads and website elements with a single click. 

sudo apt-get install xul-ext-adblock-plus
  • You can also add this extension from Firefox -> Tools -> Add-ons -> Get Add-ons -> Search All Add-ons -> AdBlock Plus. (This method will also ensure that automatic updates are installed by Firefox.)
  • Recent versions of Adblock Plus allow the display of a large number of "partner" ads unless you disable this undesirable behavior:
Firefox -> Tools -> Add-ons -> Adblock Plus -> Preferences -> Filter preferences... -> Allow some non-intrusive advertising (unticked)

Because Adblock Plus appears to now be creating holes in its own blocking service, it is probably worthwhile to stop automatic updates and only update Adblock Plus selectively (in case the developers in the future decide to create even more holes in the plug-in's blocking capability without the corresponding option to disable the behavior).

NoScript plug-in (controls scripts)

The NoScript plugin is considered one of the most important security measures for browsing the Internet. Most viruses and trojans gain access to computers from the Internet through scripts. This plugin allows you to choose which scripts to allow and blocks the rest.

  • Add this extension from Firefox -> Tools -> Add-ons -> Get Add-ons -> Search All Add-ons -> NoScript. (This method will also ensure that automatic updates are installed by Firefox.)
  • NoScript has a long of websites on its "whitelist." It is important to review this list and remove the websites for which you don't wish to automatically allow scripts (I remove them all).
Firefox -> Tools -> Add-ons -> NoScript -> Preferences -> Whitelist
  • A large number of websites use multiple locations/URLs to assemble their webpage content, a process which is blocked by NoScript's ABE (Application Boundaries Enforcer) function. I have found it necessary to disable ABE in order for most of my websites to function correctly.
Firefox -> Tools -> Add-ons -> NoScript -> Preferences -> Advanced -> ABE -> Enable ABE (unticked)
  • Many websites now use aggressive pop-ups to place advertising in front of the actrual content. While NoScript can block these ads, there will be a "placeholder" still blocking the content unless you turn off the placeholders:
Firefox -> Tools -> Add-ons -> NoScript -> Preferences -> Embeddings -> Show placeholder icon (unticked)
  • Most websites use scripting extensively these days, so that you may need to "Allow" a website in NoScript. To block the individual undesirable elements of the website, use AdBlock Plus.
Bookmark Favicon Changer plug-in

In the newest versions of Firefox, there are some bugs regarding the Favicons (the small icons that appear in the address bar) and the Bookmark icons. This plug-in will restore the icons that get erased (leaving a blank dotted box) or allow you to choose your own Favicons / Bookmark icons.

  • Add this extension from Firefox -> Tools -> Add-ons -> Get Add-ons -> Search All Add-ons -> Bookmark Favicon. (This method will also ensure that automatic updates are installed by Firefox.)
RefreshBlocker plug-in (prevents redirects)

RefreshBlocker allows the user to decide which websites (and pages) will be allowed to redirect (based on META tags within the webpage). Although Firefox (as of version 3.5) blocks all directs by default, the behavior is not customizable; it is therefore preferable to turn off the Firefox redirect control and use RefreshBlocker instead.

  • Add this extension from Firefox -> Tools -> Add-ons -> Get Add-ons -> Search All Add-ons -> RefreshBlocker. (This method will also ensure that automatic updates are installed by Firefox.)
  • Turn off the Firefox automatic redirect blocker:
Firefox -> Enter about:config in the browser location bar -> right-click on "accessibility:blockautorefresh" -> Toggle to change the value from true to false
Video DownloadHelper plug-in for Firefox

The Video DownloadHelper plugin allows the download of videos (including Flash videos) from sites like YouTube.

  • You can add this extension from Firefox -> Tools -> Add-ons -> Get Add-ons -> Search All Add-ons -> Video DownloadHelper. (This method will also ensure that automatic updates are installed by Firefox.)
User Agent Switcher plug-in for Firefox

Now that Firefox is the world's leading web browser, this plug-in should no longer be necessary. Still, there still exist a few old web apps that will only run on IE (and for them this plug-in may be useful). The User Agent Switcher plugin allows a browser to masquerade as another browser, allowing (most of the time) browser-specific content to be displayed.

  • You can add this extension from Firefox -> Tools -> Add-ons -> Get Add-ons -> Search All Add-ons -> User Agent Switcher. (This method will also ensure that automatic updates are installed by Firefox.)
Unplug Download Management

The UnPlug add-on lets you save video and audio which is embedded on a webpage.

  • You can add this extension from Firefox -> Tools -> Add-ons -> Get Add-ons -> Browse All Add-ons. (This method will also ensure that automatic updates are installed by Firefox.)
Lucifox (eBook reader extension)

Lucifox (Lucidor for Firefox) enables e-books to be read and e-book catalogs to be browsed in a Firefox window.

  • To install, go to the website and click "Download Now."
Java Runtime Environment (JRE) for Firefox plug-in

This package also installs the Java Runtime Environment. (JRE is also installed when OpenOffice or ubuntu-restricted-extras is installed.) 

sudo apt-get install sun-java6-jre sun-java6-plugin

Note: You must accept the license to use this product.

Adobe Acrobat Reader for Firefox Plug-in

This plugin is allows you to view Adobe Acrobat (PDF) files within the Firefox browser. 

deb http://archive.canonical.com/ubuntu Oneiric partner
then install Adobe Reader: 
sudo apt-get install acroread
  • Alternatively, this plugin is also available from the Medibuntu repository. Add the Medibuntu repository to your repository list: 
deb http://packages.medibuntu.org/ Oneiric free non-free
then install: 
sudo apt-get install acroread mozilla-acroread acroread-plugins acroread-fonts
Adobe Flash Player for Firefox Plug-in

To install the official Adobe Flash plugin (Flash 10) for Firefox: 

sudo apt-get install adobe-flashplugin
Gnash Plug-in (Open source Flash Player replacement)

Gnash is available in a 64-bit version as well as a 32-bit version. It is the open source replacement for Adobe Flashplayer. 

sudo apt-get install gnash

After installing, change your web browser's Preferences -> Applications so that SWF and SPL files use Gnash.

VLC plug-in for Firefox

This package allows the popular VLC player to play media within the Firefox browser. 

sudo apt-get install mozilla-plugin-vlc
Gecko MediaPlayer Plug-in for Firefox

Gecko MediaPlayer is a browser plugin for all Gecko-based browsers (Firefox, SeaMonkey, IceApe, Opera) that allows Mplayer to play multimedia within the browser. Install: 

sudo apt-get install gecko-mediaplayer

An alternative is to use the mplayer plugin for Firefox. Install: 

 sudo apt-get install mozilla-mplayer
Kaffeine Plug-in for Firefox

This package allows the Kaffeine media player (often used in KDE-based desktops) to play multimedia within the Firefox browser. 

sudo apt-get install kaffeine-mozilla
Helix player plug-in for Firefox

This package installs the Helix player (the open source player that plays Real Player content in Linux) as well as the plugin that plays RealMedia within the Firefox browser. 

sudo apt-get install mozilla-helix-player
Moonlight plugin for Firefox

Moonlight is part of the Novell Mono project that is an open source implementation of Silverlight (the Microsoft multimedia presentation platform). It is based on FFMpeg. It is made to work best with the Firefox 3 web browser, as a plugin (but also works with other mozilla browsers). Version 2.3 is available as a plugin for mozilla-based browsers: 

sudo apt-get install moonlight-plugin-mozilla
The stable version 2.4 is available here. The Moonlight 3.99 plugin (compatible with most Silverlight 3/4 content) is here.
  • Netflix under Moonlight
Netflix streaming requires both the capabilities of Silverlight 2.0 and Digital Rights Management modules. Although the current version of Moonlight 2.0 will run most Silverlight content (including Netflix content), Netflix has not yet released Digital Rights Management modules for Linux. Please contact Netflix directly for further information or sign a petition.
  • An HTML5 Netflix plugin (currently being developed by Google for the Chrome browser) may soon be available. Another alternative is the Netflix Android app which can be used in a virtual Android environment.
FireFTP for Firefox

FireFTP is a Firefox extension for FTP transfers.

Firefox Widgets

Turn off browser bar drop-down list in Firefox

This is the most frequently asked problem regarding Firefox. To turn off the location browser bar drop-down list (and therefore not show your browsing history):

Firefox -> about:config (in the location browser bar) -> browser.urlbar.maxRichResults -> right-click -> Modify -> set value to 0

Turn off SSL certificate name in address bar

In newer versions of firefox, the validity of the SSL certificate associated with a website is displayed as a color-coded background to the Favicon (the small icon displayed in the address bar). However, Firefox currently also displays the name of the site issuing the SSL certificate, which can be annoying, since for most sites this is a duplicate of the domain name (which then gets displayed twice in the address bar). To turn off this behavior:

Firefox -> about:config (in the location browser bar) -> browser.identity.ssl_domain_display -> right-click -> Modify -> set value to 0

View Firefox cache

In a new window/tab, enter about:cache in the Firefox address bar. You can view and save individual elements (from all open windows/tabs) in the cache from there.

IceCat

IceCat is Firefox distributed without the Mozilla trademark restrictions. It is endorsed by the Debian project (on which Ubuntu is based). It is formerly known as IceWeasel and is also known as IceApe Browser. Install the current version: 

sudo apt-get install iceape-browser

SeaMonkey

SeaMonkey is an open-source integrated internet application suite (including web browser, IM (IRC) client, Email client, RSS/News reader, and web development tools). It is based on the same components as the Mozilla products and shares the trademark and branding restrictions. There are many plugins, similar to those for Thunderbird and Firefox. Install: 

sudo apt-get install seamonkey

IceApe

IceApe is an open-source integrated internet application suite (including web browser, IM (IRC) client, Email client, RSS/News reader, and web development tools). It is based on the same components as the Mozilla product SeaMonkey, but has no restrictive trademark licensing, and is endorsed by the Debian project (on which Ubuntu is based). Install the current version: 

sudo apt-get install iceape

Opera

Opera is a proprietary browser and internet suite (currently free on PCs) also used in some mobile devices and gaming consoles. It includes email, an address book, IRC chat, integrated BitTorrent, and webfeeds. A limited number of plugins are also available. Download from the website and follow the instructions or install from the Opera repository: 

echo "deb http://deb.opera.com/opera/ stable non-free" | sudo tee /etc/apt/sources.list.d/opera.list
wget -O - http://deb.opera.com/archive.key | sudo apt-key add -
sudo apt-get install opera

Chromium

Chromium is the open-source browser on which the Google Chrome browser is based. Install: 

sudo apt-get install chromium-browser
  • Start Chromium:
Menu -> Applications -> Internet -> Chromium Web Browser

Google Chrome

Google Chrome is Google's web browser. Based on the Chromium browser, Google adds the Google name and logo, an auto-updater system called GoogleUpdate, RLZ, and other Google add-ons. Download and install it here.

Download Managers

MultiGet

MultiGet is a GTK-based free-standing download manager utility. 

sudo apt-get install multiget

Usenet Clients

Pan

Pan is a Gnome-based Usenet reader and nzb binary downloader. Install: 

sudo apt-get install pan

Kwooty

Kwooty is a Usenet reader and nzb binary downloader for KDE4. Installation instructions from source or PPA repositories are at the website.

Email Clients

Evolution

Evolution is the default Gnome-based email client in Ubuntu. If not installed: 

sudo apt-get install evolution

Evolution and PGP

Email messages can be encrypted in PGP and sent by email using Evolution. See this tutorial for an example how to configure it.

Thunderbird

Mozilla Thunderbird is a licensed and trademarked free open-source email client that is compatible with Firefox. Install: 

sudo apt-get install thunderbird

Lightning calendar extension

Lightning is the calendar extension for Thunderbird (with functionality similar to the stand-alone application Sunbird). It is currently available in a 32-bit version only. (If using a 64-bit OS, install the Sunbird calendar client instead.) Install by clicking on the Linux download at the website.

Enigmail

Enigmail is an add-on to Thunderbird that allows you to easily encrypt your email using OpenPGP, which is included in the kernel by default. It also allows you to create and manage the encryption keys. Go the website and click "Download Now". (64-bit versions are found here.) Install:

Thunderbird -> Tools -> Add-ons -> Install -> select downloaded file

or 

sudo apt-get install enigmail
  • Also see these tips for instructions on setting up e-mail with PGP encryption.

New Mail Icon for Thunderbird

"New Mail Icon" is an experimental tray add-on which notifes you of new mail. Download from the website. Install:

Thunderbird -> Tools -> Add-ons -> Install -> select downloaded file

KMail

KMail (Kontact Mail) is the default email client included with Kontact in KDE (Kubuntu). Kontact includes email, an address book, a calendar, reminders, pop-up notes, a link to the Akregator News/RSS reader, time-tracking, and more. Install: 

sudo apt-get install kontact

Newsreaders

Akregator

Akregator is the default news/RSS reader included with Kubuntu (KDE). Usage instructions are found in the Handbook. Install: 

sudo apt-get install akregator

RSSOwl

RSSOwl is a Java-based RSS | RDF | Atom Newsfeed Reader.

Install java and in order to use the internal browser, install the packages xulrunner and firefox: 

sudo apt-get install sun-java6-jre firefox xulrunner

Change to your "opt" directory: 

cd /opt

Download the zip-archive into your opt directory: 

sudo wget http://downloads.sourceforge.net/rssowl/rssowl-2.0.6.linux.zip

Extract the archive and remove the extracted file: 

sudo unzip ./rssowl-2.0.6.linux.zip && sudo rm ./rssowl-2.0.6.linux.zip

Make a startscript: 

sudo gedit /usr/bin/runRSSOwl.sh

add the following lines to your startscript file /usr/bin/runRSSOwl.sh and save it afterwards. 

    #!/bin/bash
    cd /opt/rssowl
    ./RSSOwl

Make the startscript executable: 

sudo chmod u+x /usr/bin/runRSSOwl.sh

To start RSSOwl: 

runRSSOwl.sh

Instant Messengers

Empathy

Empathy is an open source IM application. It is the default in the Ubuntu (Gnome) desktop. You can access multiple services with it. If not already installed, you can install it: 

sudo apt-get install empathy

Pidgin

Pidgin is an open source IM application. It is the previous default in the Ubuntu (Gnome) desktop. You can access multiple services with it. 

sudo apt-get install pidgin

Kopete

Kopete is the default Instant Messenger application for Kubuntu. You can access multiple services with it. Install: 

sudo apt-get install kopete

Kopete Styles

Additional styles for Kopete are available from KDE-look. Install from:

Kopete -> Settings -> Configure -> Chat Window -> Style -> Get New...

GoogleTalk on Kopete

Kopete can be configured to work with GoogleTalk Instant Messaging (but not VOIP) using the Jabber protocol. See these GoogleTalk instructions.

Konversation (IRC client)

Konversation is the default Kubuntu Internet Relay Chat (IRC) client. It functions similar to the venerable mIRC. "A little less action and a little more Konversation." -- Elvis. Install: 

sudo apt-get install konversation

aMSN

aMSN is an MSN Messenger utility that functions like the original client. It is alternative to Pidgin for MSN users. Install it: 

sudo apt-get install amsn

To enable Drag-and-Drop capabilities to aMSN for easy file transfer see Ubuntu Geek.

Emesene

Emesene is an MSN messenger client that uses a simplified interface similar to the original client. It is alternative to Pidgin for MSN users. Install it: 

sudo apt-get install emesene

FTP Clients

You might wish to use a dedicated FTP client instead of the one in your browser. Also see these FTP tips.

Filezilla

Filezilla is the ubiquitous free open-source FTP client and server for all platforms. 

sudo apt-get install filezilla

Filesharing / P2P

Do not share copyrighted material or content that is otherwise illegal to share.

Transmission (BitTorrent Client)

Transmission is the GTK-based default BitTorrent client in Ubuntu (Gnome). 

sudo apt-get install transmission

KTorrent

KTorrent is the default BitTorrent client in Kubuntu. Install: 

sudo apt-get install ktorrent

Be sure to have your firewall ports open (by default 6881 and 4444).

Azureus

Azureus is a Java-based BitTorrent client. 

sudo apt-get install azureus

QTorrent

QTorrent is a PyQT-based BitTorrent Client that is supposed to be very fast.

QTorrent

Apollon (P2P Filesharing)

Apollon is an older BitTorrent client oriented towards KDE. It uses plugins for compatibility with multiple networks. 

sudo apt-get install apollon gift

MLDonkey (P2P eMule/eDonkey2000)

MLDonkey is a P2P file sharing program (and network) that is able to use different network protocols. To install the MLDonkey core server, follow these instructions.

MLDonkey GUI frontends

  • Install the Gnome GUI frontend for MLDonkey: 
sudo apt-get install mldonkey-gui

sudo apt-get install kmldonkey

Videoconferencing and VOIP

Videoconferencing and voice over Internet (VOIP) applications are merging into integrated applications. Most of these applications now allow placing calls to non-Internet based telephones for a small fee.

Ekiga

Formerly known as Gnomemeeting, Ekiga is a SIP compliant fully functional open source integrated VOIP and videoconferencing program. 

sudo apt-get install ekiga

Skype

Skype is a proprietary integrated VOIP and video conferencing program similar to Ekiga. Also see instructions on how to record Skype conversations.

  • Install pre-requisites: 
sudo apt-get install libqt4-dbus libqt4-network libqt4-xml
  • To get the most recent version, download and install the 32-bit version: 
wget -O skype-ubuntu-current_i386.deb http://www.skype.com/go/getskype-linux-beta-ubuntu-32
sudo dpkg -i skype-ubuntu-current_i386.deb
sudo rm skype-ubuntu-current_i386.deb
  • In the past. some users have noted that they cannot get their microphone inputs to work with any version later than 2.1.0.47. They installed: 
wget -O skype-ubuntu-current_i386.deb http://download.skype.com/linux/skype-debian_2.1.0.47-1_i386.deb
sudo dpkg -i skype-ubuntu-current_i386.deb
sudo rm skype-ubuntu-current_i386.deb
or 
wget -O skype-ubuntu-current_amd64.deb http://download.skype.com/linux/skype-ubuntu-intrepid_2.1.0.47-1_amd64.deb
sudo dpkg -i skype-ubuntu-current_amd64.deb
sudo rm skype-ubuntu-current_amd64.deb
How to install Skype on a 64-bit system

The current version of Skype for 64-bit systems is a masqueraded 32-bit module. To use on a 64-bit system you might still need to install the needed packages: 

sudo apt-get install ia32-libs lib32asound2 libqt4-core libqt4-gui
  • Then download and install the current Skype .deb package from the Skype website: 
wget -O skype_ubuntu-current_amd64.deb http://www.skype.com/go/getskype-linux-beta-ubuntu-64
sudo dpkg -i skype-ubuntu-current_amd64.deb
sudo rm skype-ubuntu-current_amd64.deb
  • If the 64-bit version doesn't work for you, use the 32-bit version: 
wget -O skype-ubuntu-current_i386.deb http://www.skype.com/go/getskype-linux-beta-ubuntu-32
sudo dpkg -i --force-architecture skype-ubuntu-current_i386.deb
sudo rm skype-ubuntu-current_i386.deb

Installing Skype repository

It is possible to install Skype by adding the repository and installing from there. This has an advantage of maintaining updates automatically.

  • Install the respository security key. (This requires an open port 11371 in your firewall for the keyserver.) 
sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 0xd66b746e
  • Add the Skype repository, update, and install Skype: 
echo "deb http://download.skype.com/linux/repos/debian/ stable non-free" | sudo tee -a /etc/apt/sources.list > /dev/null
sudo apt-get update
sudo apt-get install skype

Wengophone

Wengophone is an integrated VOIP and videoconferencing client available on many platforms. Wengophone was initially an open-source GPL-licensed package ('Wengophone Classic'). Both the Classic version (available as a .deb file) and the current proprietary binary version are available from the website. Wengophone Classic has now been rebranded as QuteCom, however. To install the current version as an Ubuntu/Kubuntu package, see these instructions.

  • Download and install the older Wengophone Classic version (.deb package): 
wget http://download.wengo.com/wengophone/rc/wengophone-0.958m-1.i386.deb
dpkg -i --force-architecture wengophone-0.958m-1.i386.deb

Gizmo5

Gizmo5 is an Internet soft-phone application, similar to Skype, that uses the SIP protocol. Install (.deb package): 

wget http://download.gizmo5.com/GizmoDownload/gizmo-project_3.1.0.79_libstdc++6_i386.deb
dpkg -i --force-architecture gizmo-project_3.1.0.79_libstdc++6_i386.deb

Asterisk VOIP PBX system

Asterisk is an enterprise-grade, free open source PBX and telephony system for VOIP. 

sudo apt-get install asterisk

Kiax

Kiax is an LGPL-licensed open source IAX (Inter-Asterisk eXchange) application. It is used for making VoIP calls from an Asterisk PBX. The current version must be installed from source files. See the website for download and installation instructions, or see this Ubuntu Launchpad site.

OpenSIPS / OpenSER (SIP server)

OpenSIPS is an open-source SIP server that allows connections to be made through the Internet for VoIP, IM, and other communications protocols. While there are many public SIP servers, these are subject to spoofing and other "impersonation" problems. A company may wish to host its own SIP server to avoid the problems inherent in public services whose trustworthiness can not be determined. OpenSIPS is the successor to OpenSER (which is the version in the repositories). Install OpenSER 1.3.2 from the repositories: 

sudo apt-get install openser

Alternately, the newest version of OpenSIPS can be downloaded as a .deb package from the website and installed. Installation and usage instructions are on the website.

Telepathy

Telepathy is a flexible, modular communications framework that enables real-time VOIP/chat communication via pluggable protocol backends (for protocols such as Jabber/XMPP/Google Talk/Jingle, link-local XMPP, SIP, MSN, Yahoo/AIM and IRC). Telepathy is a communications service that can be simultaneously accessed by many client applications (primarily Empathy), using QT4, Glib, and GtK libraries. Currently a version for the Gnome desktop (telepathy-gnome) is available. Install: 

sudo apt-get install telepathy-gnome

Web meetings

Web meeting software allows video conferencing among many clients, with one server as host.

BigBlueButton

BigBlueButton is a free open source chat/video/audio and desktop sharing platform similar to GoToMeeting, WebEx, DimDim and similar products. Developed by GoogleCode, it utilises all open-source modules. A Moodle plugin is also available. See these installation instructions and these additional detailed instructions.

WebHuddle

WebHuddle is a free, open source Java-based browser client (and server) for web meetings. To install the server, first install pre-requisites, including Java, JBOSS Application Server, and xvfb. 

sudo apt-get sun-java6-jre jbossas4 xvfb

For more details on setting this up in (K)Ubuntu, see this.

TeamViewer

TeamViewer is a proprietary cross-platform package that enables up to 25 participants to share a desktop for online meetings and provides a mechanism for users to control a PC's desktop remotely. Presentations can be viewed through most Internet web browsers, as well. A free .deb package can be downloaded here.

Privacy

An interesting perspective on Internet privacy techniques can be found here.

PGP (Message Encryption)

PGP (OpenPGP and GnuPG) is a tool to encrypt your messages (such as email) to be unlocked only by someone who has a key to unlock it.

Enigmail with Thunderbird

By far the easiest method for encrypting email is using the Enigmail add-on for the Thunderbird email client. It creates PGP key pairs, stores and retrieves keys from keyrings, and encrypts and decrypts messages automatically.

Seahorse

Seahorse is the GUI for Gnome to manage the key pairs and other options of GnuPG. It can also manage your SSH keys. For more info see this tutorial. Run:

Menu -> Applications -> Accessories --> Passwords and Encryption Keys

Web browsing

Web tracking, scripts, and advertisements are extremely intrusive on the Internet. A dossier of your online habits is created by a multitude of services, including every major portal such as Google and Yahoo, as well as a variety of tracking services on the Internet. This is accomplished through the use of the "cookies" in your browser and by a variety of web elements (sometimes called "web beacons") embedded on the web pages you visit. Your behavior is monitored and correlated by recording the IP address of your computer, even when you turn off the cookies in your browser. Still, it is highly recommended to configure your web browser to erase your cookies and history every time the web browser is closed; otherwise, every website you subsequently visit can instantly see the long list of recent websites you have visited. In Firefox, for example, cookies can be accepted for the current session but erased upon closing:

Firefox -> Edit -> Preferences -> Privacy -> History -> Firefox will: Use custom settings for history
-> Always use private browsing mode (or customise the settings to your desired level of privacy)
  • In addition, both Adblock Plus and NoScript are highly recommended as plug-ins for Firefox (and other Gecko-based browsers) to limit exposure to undesirable web elements, scripts, and tracking mechanisms.

Tor (Network Privacy)

Tor is a project to allow privacy while using the Internet and to limit usage tracking. It routes your traffic through several anonymous nodes, so that your usage appears to come from an IP other than your own. (There are always risks when using the Internet that even Tor can not help with, though. Read this.) Using Tor can slow down your Internet usage significantly, depending on how much traffic is being passed through the Tor network (routine file-sharing or large downloads will also significantly reduce performance of the Tor network.)

  • Install the Privoxy http proxy: 
sudo apt-get install privoxy
  • Install Tor by following the instructions here. Note that the instructions require port 11371 on your firewall to be open to use the gpg keyserver (and download the key for the debian package). Then see the Tor installation guide for details.

Vidalia (Tor interface)

Vidalia is the recommended Qt4-based GUI frontend for Tor. If not installed with Tor, install: 

sudo apt-get install vidalia

Torbutton (Firefox plug-in)

Once Tor is installed and running properly, Torbutton allows you to choose whether to use Firefox through the Tor anonymizing network or not.

  • Install the .xpi extension directly from the website.
  • Torbutton intereres with several functions of Firefox, most notably the "Drag and Drop" bookmark and menu sorting functions. Disable the plugin while attempting any Drag and Drop functions, then re-enable it afterwards.

DNS Servers and Search engines

  • Most users rely on the DNS server of their ISP (Internet Service Provider). DNS queries can be recorded, however, and theoretically correlated by an ISP to the data traffic to/from a user's IP address serviced by that ISP. A somewhat less trackable solution is to use a DNS service that does not belong to your ISP. This can belong to any another commercial ISP or to a third party service such as OpenDNS, Comodo, ScrubIT, Google (though slightly less secure due to Google's own tracking mechanisms), another free DNS service, or (for maximum security) a publicly-available international DNS server. For example, a Verizon customer could use the AT&T DNS servers or the OpenDNS servers. An AT&T customer could use one of the Verizon servers or the Google servers. It is important to use a reliable DNS provider, however, as man-in-the-middle DNS redirection and DNS cache poisoning attacks are increasingly common. Stick to one of the major DNS services (just not your own ISP's DNS service).

The DNS server setting can be changed in the router's settings (recommended) or individually for each computer. If changing on an individual computer, use the Network Manager or Wicd settings, or edit /etc/resolv.conf manually and change the nameservers to the addresses you desire to use: 

sudo gedit /etc/resolv.conf
  • Many search engines track your search requests (notably Google, Bing, and Yahoo) and keep logs of the searches they receive from your IP address. DuckDuckGo.com is a filtered search engine that has made its reputation not only by promising not to track searches, but also by providing a secure (encrypted), Tor-capable and anonymized search portal. Point your browser to https://duckduckgo.com. It can be used with your Torbutton turned on.
  • Many censorship/filtering/tracking techniques (that use deep packet inspection) cannot be used with secure (SSL/TLS encrypted) websites (denoted by https:// ). Use them whenever possible. For example, use the secure Wikimedia portal for Wikipedia (and other Wikimedia services) instead of the insecure portal(s).
  • Many websites keep logs of referring http headers (which can be correlated with cookies to track your browsing activities). To turn off the passage of referral headers in Firefox, see this info.

Certificate verification

  • CAcert.org is a free certifying authority that maintains weak certificates that are recognized by many open source operating systems, but not by Firefox or most browsers. (For browsers that do not include CAcert.org recognition, certificates appear to be self-signed certificates.) While Debian incorporates CACert.org's root certificate by default, Ubuntu derivatives do not (Canonical was originally founded with funds earned from Thawte, a certifying authority founded by Mark Shuttleworth.)

Proprietary Extras

Proprietary software helps you maximize your Internet experience, but is not open source. The software available includes Multimedia Codecs, Java Runtime Environment, and plug-ins for Firefox.

Restricted Extras

The Ubuntu Restricted Extras will install Adobe Flash Player, Java Runtime Environment (JRE) (sun-java-jre) with Firefox plug-ins (icedtea), a set of Microsoft Fonts (msttcorefonts), multimedia codecs (w32codecs or w64codecs), mp3-compatible encoding (lame), FFMpeg, extra Gstreamer codecs, the package for DVD decoding (libdvdread4, but see here for info on libdvdcss2), the unrar archiver, odbc, and cabextract. It also installs multiple "stripped" codecs and avutils (libavcodec-unstripped-52 and libavutil-unstripped-49). This is a single command approach. 

sudo apt-get install ubuntu-restricted-extras

Note: Installation only works completely and properly when done from the command-line Terminal. The entire package will not usually install completely from within a Package Manager.

Photos and Graphics

Manage and edit your photos, create stunning 3D drawings and graphics, or convert between formats.

GIMP (Image Manipulator)

Gimp is a powerful, full-featured, free open-source graphics and image editor, similar to Adobe Photoshop. 

sudo apt-get install gimp
  • There is an extra set of brushes, palettes, and gradients for The GIMP. 
sudo apt-get install gimp-data-extras
  • See these instructions to create an alpha transparency layer for any photo using Gimp.

Dia (Diagram editor)

Dia is a free open source GTK-based diagram creation program for Gnome. It is similar to Visio. 

sudo apt-get install dia

Kivio (Diagram editor)

Kivio is an open source flow-chart and diagram creation program that is part of the KOffice Suite for KDE. It supports Dia stencils. 

sudo apt-get install kivio

Inkscape Vector Illustrator

Inkscape Vector Illustrator is an open source drawing program similar to Illustrator and CorelDraw. 

sudo apt-get install inkscape

Digikam (Photo Organiser)

Digikam is a comprehensive open source digital photo organiser and editor. Install it: 

sudo apt-get install digikam kipi-plugins digikam-doc

F-spot (Photo Organiser)

F-spot is a comprehensive open source digital photo organiser and editor for the Gnome desktop. Install it: 

sudo apt-get install f-spot

Google Picasa (Photo Organiser)

Google Picasa is a photo editor and organiser similar to Digikam. It allows uploads to a Google web server for online exchange. For more info, see the Picasa for Linux FAQ. A self-installing .deb file is available at Picasa 2.7 downloads.

Shotwell (Photo Organiser)

Shotwell is a new photo organiser for the Gnome desktop. See these installation instructions.

Tesseract (Optical Character Reader)

Tesseract is a command-line optical character reader. Install: 

sudo apt-get install tesseract-ocr

Ocropus is a document-analysis engine that uses Tesseract. Install: 

sudo apt-get install ocropus

Cuneiform (Optical Character Reader)

Cuneiform is an optical character reader. Install (multiverse repositories must be enabled): 

sudo apt-get install cuneiform
  • Pdfocr is a tool to use Cuneiform for OCR and then to add the resulting text file layer back to the PDF file to make it searchable.

YAGF (Cuneiform/Tesseract GUI)

YAGF is a Qt-based GUI for Cuneiform, Tesseract, and/or XSane. Installation can be from a Debian (.deb) package from GetDeb (see these instructions as well) or by compiling from source downloaded from the original site. (Qt 4.7 or later, already the version with Oneiric, is required on your system).

Xsane (Scanning utility)

Xsane is a full-featured scanning utility. Install: 

sudo apt-get install xsane

Gnome-Scan (Scanning Utility)

Gnome-Scan is a simple utility for scanning (still in alpha stage). Install: 

sudo apt-get install gnomescan

Gwenview (Image Manipulator)

Gwenview is the quick image manipulator installed by default in Kubuntu (K menu -> Graphics -> Gwenview Image Viewer). Simple cut-and-paste, resizing, and format conversion are some of the graphics files manipulations that can be accomplished. Install: 

sudo apt-get install gwenview

OpenClipart (ClipArt Library)

OpenClipart is a utility to provide access to a large library of free PNG, SVG, and OpenOffice clipart. It includes a utility for OpenOffice Gallery. Files are installed to /usr/share/clipart. Install: 

sudo apt-get install openclipart

It is also possible to only install a single collection (openclipart-png, openclipart-svg, or openclipart-openoffice.org) in case you don't want the entire collection (or the utilities). For example: 

sudo apt-get install openclipart-png

Screencasts and Desktop Recording

Several utilities allow you to capture your desktop (and then create a screencast from it).

FFMPEG with x11grab

FFMPEG includes x11grab, a module for screen capture. This method gives the best results for screencaptures and is one of the most flexible methods, allowing a variety of audio inputs and audiovisual output formats. FFMPEG must be installed first (sudo apt-get install ffmpeg). See here for more details. In brief, an example command to capture to an .avi file using the X264 video codec and lossless 16-bit sound would be: 

ffmpeg -f alsa -ac 2 -ab 192k -i pulse -f x11grab -s 1024x768 -r 30 -i :0.0 -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0 /home/user/capturedvideo.avi

recordMyDesktop (Desktop Session Recording)

recordMyDesktop is a desktop recording utility, which has both pyGTK and a pyQT4 GUI frontends available. Recordings are saved in Theora video/Vorbis audio files. Only the Gtk version is available from the repositories (but it works well with KDE/Kubuntu nevertheless). To install with the gtk GUI: 

sudo apt-get install gtk-recordmydesktop

Using recordMyDesktop with PulseAudio

  • If you have not installed Pulse Audio Controls and Volume utility, they are useful for monitoring your pulse audio devices: 
sudo apt-get install pavucontrol paprefs padevchooser
  • Change the recordMyDesktop settings so that the capture device is the one you select through pulse audio:
gtk-recordMyDesktop -> Sound Quality (ticked) -> Advanced -> Sound -> Device: pulse

This sets recordMyDesktop to use whichever input device(s) are selected through pulse audio. If you have several input devices, all of them will be recorded. This is an easy way to mix inputs.

Istanbul (Desktop Session Recording)

Istanbul is a desktop recorder for the Gnome desktop. It records your session into an OGG Theora video file. 

sudo apt-get install istanbul

xvidcap (Desktop Session Recording)

xvidcap is a utility to capture your desktop as a video. Install: 

sudo apt-get install xvidcap

WebCamStudio

WebCamStudio creates a virtual webcam that can mix several video sources together and can be used for live broadcasting. See the website for installation instructions.

Wink (Presentation Editor)

Wink is a open source tutorial and presentation editor. It allows you to capture screenshots and use them for presentations. Download the .tar.gz source package, install using these instructions, and follow one of the user guides. 

wget -O winkcurrent.tar.gz http://www.digital2b.com/mirror_wink/wink15.tar.gz

Note: Wink is a 32-bit application. If you are running a 64-bit system, make sure ia32-libs is installed first: 

sudo apt-get install ia32-libs

Freeseer (Presentation capture)

Freeseer is a utility to capture output from a projector or other display device (including another computer). See these installation instructions.

Screencast Demos

rtmpdump (Capture streaming video)

Rtmpdump allows the capture of many types of streaming video. Current installation instructions are at the website.

  • Here are old installation instructions: 
sudo apt-get install build-essential checkinstall libssl-dev
wget http://rtmpdump.mplayerhq.hu/download/rtmpdump-2.3.tgz
tar xvf rtmpdump-2.3.tgz
cd rtmpdump-2.3
make SYS=posix
sudo checkinstall
sudo ldconfig

When prompted during installation, name the package rtmpdump.

Video Applications

Capture, record, edit, and convert video using these applications. Also see this list of open source video applications. Trivia: The movie Avatar was created at Weta Digital on a super-computer comprised of 4,000 servers running Kubuntu Linux, co-ordinated by the open-source Sun Grid Engine.

OpenShot

OpenShot is a GTK-based non-linear video editing suite for Linux. Install: 

sudo apt-get install openshot

PiTiVi (Non-linear Video Editing Suite)

PiTiVi is a simple, limited-capability open source video editor that will be the default in newer versions of Ubuntu. It uses the GStreamer/Fluendo framework. Install: 

sudo apt-get install pitivi

Avidemux (Video editor/processor)

Avidemux is a free, GPL-licensed open source cross-platform video editor and processor. Using mencoder as a backend, it allows cropping, trimming, special effects, and conversions between many filetypes (MPG/DVD, AVI, MP4, ASF). Install the GTK-based version: 

sudo apt-get install avidemux

Kino (Non-linear Video Editing Suite)

Kino is a widely used GUI-based non-linear video editing suite for Linux. It imports video files into (and then uses) the DV (Digital Video) format for editing. 

sudo apt-get install kino mjpegtools

KdenLive (Non-linear Video Editing Suite for KDE)

Kdenlive is a GUI-based non-linear video editing suite for KDE based on FFmpeg and the MLT video framework. It has tools for DV, video4linux, and screen capture. Install: 

sudo apt-get install kdenlive mjpegtools

Cinelerra (Non-linear Video Editing Suite)

Cinelerra Community Version is a complete high-end open source video editing suite that is a derivative of a similar commercial system. Follow the installation instructions for Ubuntu.

LiVES (Video editor/processor)

LiVES is a free, GPL-license open source video editor and processor that is promoted as being useful for VJ editors. Install: 

sudo apt-get install lives

OpenMovieEditor

OpenMovieEditor is a free, open source movie editing program for basic movie making. Install: 

sudo apt-get install openmovieeditor

Blender

Blender is a free GPL-licensed 3D graphics and modeling tool that has been used in several animation projects. Install: 

sudo apt-get install blender

Stopmotion (Animation)

Stopmotion is an open-source program for creating stopmotion animation. Install: 

sudo apt-get install stopmotion

Animata (Animation)

Animata is an interactive-animation (similar to Flash video) design platform that uses the fltk libraries. It is built from source using the SCons package (which is a make replacement).

  • Make sure you have the usual components for compiling from source code installed: 
sudo apt-get install ia32-libs build-essential linux-headers-$(uname -r) gcc cmake gettext
  • Install the fltk and scons libraries: 
sudo apt-get install libfltk1.1 libfltk1.1-dev scons
  • See these details. Download the Animata source code, extract, and then from the directory into which Animata was extracted run scons: 
scons

Webcam Applications

  • To display your webcam on your screen, take photos from it, or to create other effects, install one of these webcam applications:
  • Cheese (sudo apt-get install cheese) is a Gnome-based webcam application with many options and a re-sizable window.
  • Kamoso (sudo apt-get install kamoso) is a KDE-based webcam application.
  • Camorama (sudo apt-get install camorama) is a Gtk-based webcam application that has been around for years.
  • Xawtv (sudo apt-get install xawtv) is a Gtk-based application. Because the Xawtv window can be arranged so that only the webcam image is shown, it is my favorite webcam display for screencasts. (Click on "X" in the window bar -> Advanced -> No Border (ticked) .)

Any of these applications can be used in either Ubuntu or Kubuntu.

Audio Applications

Audacity (Audio Editor and Recorder)

Audacity is the leading cross-platform free open source (GPL-licensed) audio recorder and editor. It can be used to record, splice, edit, and manipulate sound files similar to tools found in recording studios. Install: 

sudo apt-get install audacity

Ardour (Digital Audio Workstation)

Ardour is a free, GTK-based professional-grade digital audio workstation for high end audio manipulation and mixing. Install: 

sudo apt-get install ardour

Rosegarden (Digital Audio Workstation)

Rosegarden is a midi/audio interface for synthesizers, as well as a digital audio studio for recording, editing, and notating music. It is often used in combination with Audacity. Install: 

sudo apt-get install rosegarden

Hydrogen (Drum synthesizer)

Hydrogen is an advanced drum machine for Linux. Install: 

sudo apt-get install hydrogen

EasyTag (ID3 editor)

EasyTag is a utility for editing the ID3 tags of mp3 and other music files. Install: 

sudo apt-get install easytag

Run:

Applications -> Sound & Video -> EasyTAG

PuddleTag (ID3 editor)

PuddleTag is a comprehensive utility for editing the ID3 tags of mp3 and other music files. Install: 

sudo apt-get install python-qt4 python-pyparsing python-mutagen python-configobj python-musicbrainz2
wget -O puddletag_current.deb http://sourceforge.net/projects/puddletag/files/puddletag_0.9.12-1_all.deb
sudo dpkg -i puddletag_current.deb

UbuntuStudio (Ubuntu distribution customized for multimedia editing)

UbuntuStudio is an official derivative of Ubuntu that pre-packages many multimedia editing packages. (Each of the packages can also be installed independently.) See the website for a full list of the premier audiovisual software packages available for Ubuntu Linux. 

sudo apt-get install ubuntustudio-audio

sudo apt-get install ubuntustudio-video

sudo apt-get install ubuntustudio-graphics

Audio / Video conversion

Here is a nice review of some of the applications that enables conversion and handling of these types of files. Some specific examples and suggestions are here.

FFMPEG video / audio conversion

FFMPEG is the swiss-army knife of video and audio format conversion. It succeeds when no other program can. It is free and open source. If it not yet installed on your system as part of another package (it is used by many video/audio editors), then install it: 

sudo apt-get install ffmpeg

Example: To convert a saved Flash video (.flv) to an MPEG-2 format playable on a DVD, convert: 

ffmpeg -i samplevideo.flv -target ntsc-dvd samplevideo.mpg

Then use K3b (or Gnomebaker) to write the mpg file to a New DVD Data Project.

  • For PAL use -target pal-dvd. For widescreen, use -target film-dvd. For other conversion tips, see this forum. (Note: Most Flash video has very low resolution, with a screen size of 360x270, for example. You may see a slight diminishment in resolution if you wish to convert it to 720x480 (which is the NTSC standard size) or other screen size. You can keep the original screen size and resolution by omitting the -target parameter.) If your original file is 16:9 widescreen and you desire a 4:3 letterbox output for playing on an overscanned TV, you may need to pad the file so that the widescreen is not compressed (see this forum): 
ffmpeg -i samplevideo.flv -target ntsc-dvd -s 648x364 -padleft 36 -padright 36 -padtop 58 -padbottom 58 samplevideo.mpg
  • You can also use the WinFF GUI and add the command (as above) as a "Preset," for subsequent use. For example:
Video converter (WinFF) -> Edit -> Presets ->
Preset Name: Letterbox -> Preset Label: 16:9 Widescreen to 4:3 Letterbox
Preset command: -target ntsc-dvd -s 648x364 -padleft 36 -padright 36 -padtop 58 -padbottom 58
Ouput file extension: mpg -> Category: DVD
-> Add/Update -> Save
  • To convert to MPEG-4 (mp4) files, use 
ffmpeg -i samplevideo.flv outputvideo.mp4
  • FFMpeg requires that multiple restricted extra codecs be installed. This can be done in a single easy step from the command-line Terminal: 
sudo apt-get install ubuntu-restricted-extras
FFMPEG GUI

WinFF is a free, GPL-licensed open source GUI frontend for FFMPEG. Install: 

sudo apt-get install winff xterm

Run:

Menu -> Applications -> Sound & Video -> WinFF
Join video segments

Individual video segments (MPEG-2, for example) can easily be joined: 

cat samplevideo1.mpg samplevideo2.mpg samplevideo3.mpg > samplevideo123.mpg
You can then write the resulting MPEG-2 file to a DVD and play it in most DVD players.
Split a file into segments

Any file can be split into segments using the Linux command: 

split -b 1440k my_big_file

which will split my_big_file into equal segments of size 1440 kb.

Mencoder

Mencoder is part of the MPlayer set of libraries (that also uses several of the FFMPEG libraries) for audio/visual conversion. Some examples of usage are here.

Save any streaming Flash video

An easy way is to install the Video Download Helper plug-in for Firefox.

Otherwise, most Flash videos download to the /tmp directory while you watch the video, creating a randomly-named video file there (such as Flashuh4G6s). When you close the webpage, this file in the /tmp directory will be erased. After the entire video has downloaded, but before you close the webpage, copy that file (such as Flashuh4G6s) to your home directory (where it will not be erased). Of course, for this to work, you must change your Flash (or Gnash) settings to allow an unlimited buffer. While watching your Flash video, right click to bring up the Flash -> Settings window. Set the Buffer to "Unlimited."

Once you have copied the file, rename it appropriately with the .flv added to the filename. You can then watch it using VLC or Mplayer.

Here is another method that involves making a symbolic link.

Save rtmp / flv streams

flvstreamer is a command-line application to dump rtmp streams. Install: 

sudo apt-get install flvstreamer

Example of usage: 

flvstreamer -r "rtmp://host/dir/file.flv" -o filename.flv

If you see the following the "WARNING: Download may be incomplete, try --resume!" message, try to use the --resume option: 

flvstreamer -r "rtmp://host/dir/file.flv" -o filename.flv --resume

Convert Flash video audio to mp3

Once you have downloaded flash video content (.flv) from the Internet (using the Video Download Helper plug-in for Firefox, for example), the audio component can be converted to an mp3 using this command (from the command line Terminal). (This will work for any type of video file, not just Flash.) 

ffmpeg -i nameofvideoclip.flv -ab 160k -ac 2 -ar 44100 -vn nameoffile.mp3

where -i indicates the input, -ab indicates the bit rate (in this example 160kb/sec), -vn means no video ouput, -ac 2 means 2 channels, -ar 44100 indicates the sampling frequency. See FFMPEG docs for more info.

2ManDVD

2ManDVD is a GUI utility for creating DVD videos. It is the successor of ManDVD. Choose the version for your architecture and install it from the 2ManDVD website. Click on the download link and select to open it with the GDebi Package Installer (default). (If you have previously installed ManDVD you must uninstall it first.) For a usage tutorial, read this 2ManDVD guide.

Run:

Menu -> Applications -> Sound & Video -> 2ManDVD

DeVeDe

DeVeDe is a program to create video DVDs and CDs suitable for home players (i.e. VCD, sVCD or CVD) from any source video file that is supported by MPlayer. Choose the version for your architecture and install it from the DeVeDe website. Click on the download link and select to open it with the GDebi Package Installer (default). For a usage tutorial, read this DeVeDe guide.

Run:

Menu -> Applications -> Sound & Video -> DeVeDe

ManDVD

ManDVD is a QT-based DVD authoring tool which accepts several different file types as input. Install: 

sudo apt-get install mandvd xine-ui

DVD Author

DVD author allows you to create menus and format your MPEG-2 videos onto a DVD disc so that you can play it in a commercial DVD player. DVD Author is a command line tool, but several GUI's exist. Install: 

sudo apt-get install dvdauthor
QDVDAuthor

QDVDAuthor is a Qt-based GUI for DVD Author. A package for Oneiric does not exist, but the Maverick package can be used.

  • Enable the Maverick multiverse repository temporarily by adding it to the Synaptic Package Manager Origin of Packages ("Other" software):
Menu -> System -> Synaptic -> Settings -> Edit Origins -> Software Sources: Other Software -> Add... 
deb http://us.archive.ubuntu.com/ubuntu maverick multiverse
  • From the Get and Remove Software menu (of Synaptic), install the qdvdauthor package (and the qdvdauthor-common package if it is not automatically installed as a dependency).
  • Once the download/installation is complete, disable the Maverick multiverse repository (to prevent conflict with other Oneiric packages).
  • Download and install the addons: 
cd /tmp
wget http://qdvdauthor.sourceforge.net/data/masks.tar.bz2 -O masks.tar.bz2
wget http://qdvdauthor.sourceforge.net/data/buttons.tar.bz2 -O buttons.tar.bz2
wget http://qdvdauthor.sourceforge.net/data/alpha_trans.tar.bz2 -O alpha_trans.tar.bz2
cd /usr/share/qdvdauthor/
sudo tar -xjf /tmp/masks.tar.bz2
sudo tar -xjf /tmp/buttons.tar.bz2
sudo tar -xjf /tmp/alpha_trans.tar.bz2

Run:

Menu -> Multimedia -> QDVDAuthor

Follow instructions in the Quick-Start Guide:

QDVDAuthor -> Help -> Quick-Start Guide

For a tutorial on authoring DVDs, see this guide.

ToVid

ToVid is a collection of tools to create a DVD from a number of different video formats. A GUI is available. Install: 

sudo apt-get install tovidgui tovid

Other DVD authoring programs

There are several other DVD authoring programs. For additional information see the Ubuntu Community pages. Packages include:

  • Bombono, a GTK-based, GUI DVD authoring program. Install (requires multiverse repositories to be enabled): 
sudo apt-get install bombono-dvd
  • KMediaFactory is a KDE-based DVD authoring frontend for dvdauthor. (The DVD folders can then be burned to disc using K3b.) Install (requires multiverse repositories to be enabled): 
sudo apt-get install kmediafactory

Ripper X CD Ripper/Encoder

Ripper X is a GTK-based (i.e. Gnome) open source utility to rip CD audio tracks to OGG, MP3, or FLAC formats. It supports CDDB lookups. 

sudo apt-get install ripperx

Asunder CD Ripper/Encoder

Asunder is a GTK-based open source CD ripper/encoder which saves to Wav, MP3, OGG, FLAC, or WavPack. Self-installing .deb packages are available here.

Audex CD Ripper/Encoder

Audex is a port to KDE4 of the KAudioCreator package used in KDE 3. It can create output for LAME (MP3-compliant), OGG Vorbis (oggenc), FLAC and RIFF WAVE. Install: 

sudo apt-get install audex

Gnac (GNome Audio Converter)

Gnac (GNome Audio Converter) converts between all GStreamer supported audio formats. It is not yet part of the standard repositories. See these installation instructions.

SOX (encodes/decodes audio)

SoX is a command-line utility to convert audio formats. See this usage guide. Install: 

sudo apt-get install sox

Run: 

sox
Install MP3 support for SoX
  • Install the MP3 libraries (if not already installed): 
sudo apt-get install libmp3lame0
  • For simple conversions, I have found FFMPEG to be easier, and FFMPEG already has mp3 support. Example: 
ffmpeg -i audiofile.m4a -ab 128k -ac 2 -ar 44100 audiofile.mp3
where -ab specifies the bit rate, -ac specifies the number of channels (in this example 2-channel stereo), and -ar specifies the sampling frequency.


CDs and DVDs

Brasero (CD/DVD burner)

Brasero is a CD/DVD burning application that is now part of the Gnome desktop (but can be used with any Ubuntu derivative). If not already installed: 

sudo apt-get install brasero

Gnomebaker (CD/DVD burner)

Gnomebaker has been the default CD/DVD burning application for the Gnome desktop. If not installed: 

sudo apt-get install gnomebaker

K3b (CD/DVD burner)

k3b (KDE Burn Baby Burn) is the default KDE CD and DVD burning utility included in Kubuntu, but can run well in Gnome. (Due to licensing requirements, mp3 capabilities must be installed separately as the libk3b6-extracodecs package). Install: 

sudo apt-get install k3b libk3b6-extracodecs

Normalize audio levels

Volume normalization for an audio CD requires a separate external plugin. Install: 

sudo apt-get install normalize-audio

Then select normalization:

K3b -> Project -> Properties -> Advanced -> Settings:Normalize volume levels (ticked)
  • Recent versions of k3b have a bug that doesn't properly recognise normalize-audio. See these tips for a workaround.

DVD Playback Capability

libdvdcss

To play encrypted DVDs, the libdvdcss2 package is essential. libdvdcss2 is a simple library designed for accessing DVDs like a block device without having to bother about the decryption. More information about this package can be found at VideoLAN.

  • You can install libdvdcss2 as a 64-bit .deb package without installing the Medibuntu repositories: 
wget -c http://packages.medibuntu.org/pool/free/libd/libdvdcss/libdvdcss2_1.2.10-0.3medibuntu1_amd64.deb
sudo dpkg -i libdvdcss2_1.2.10-0.3medibuntu1_amd64.deb
or a 32-bit .deb package: 
wget -c http://packages.medibuntu.org/pool/free/libd/libdvdcss/libdvdcss2_1.2.10-0.3medibuntu1_i386.deb
sudo dpkg -i libdvdcss2_1.2.10-0.3medibuntu1_i386.deb
  • You can also use guidelines provided at Medibuntu. This will install the Medibuntu repositories on your system and then install the libdvdcss2 package: 
sudo wget --output-document=/etc/apt/sources.list.d/medibuntu.list http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list
sudo apt-get update
sudo apt-get --yes --allow-unauthenticated install medibuntu-keyring
sudo apt-get update
sudo apt-get install libdvdcss2
  • You can also install 32 bit or 64 bit Windows multimedia codecs (if you haven't already done so using ubuntu-restricted-extras): 
sudo apt-get install w32codecs
or 
sudo apt-get install w64codecs
  • Instead of downloading directly from Medibuntu, you could also use the script included with the libdvdread4 package to download and install libdvdcss2: 
sudo apt-get install libdvdread4
sudo /usr/share/doc/libdvdread4/install-css.sh

libudf

Many newer DVDs use the UDF filesystem. To play them properly, also install libudf: 

sudo apt-get install libudf0

Other tools are useful: 

sudo apt-get install udftools libudf-dev

K9copy (DVD Ripper)

K9copy is the free open source DVD backup, copying, compression, and authoring utility that requires libdvdcss. For other info, see this or this guide. You can easily create MPEG-2. MPEG-4, or DVD videos with this utility. 

sudo apt-get install k9copy
  • Tips: At times you may not be able to copy your DVD directly from DVD to DVD. This may because you have a small imperfection in the DVD, or because the DVD was initially created with a non-standard burning method. There are two methods that can help solve this problem:
  • Copy the VIDEO_TS and AUDIO_TS folders from your original DVD directly to your hard drive. Then use k9copy to burn a DVD directly from these hard drive folders.
  • Use k3b (or Gnomebaker) to copy an .iso image from the original DVD to your hard drive. Then use k9copy to extract from the hard drive .iso image and then burn a DVD directly from it.

Handbrake

Handbrake is a GPL-licensed open source tool for converting DVD to MPEG-4 (iPod format) that is an alternative to k9copy. (It can handle many DVDs that k9copy cannot.) Installation is from the developmental PPA archive. 

sudo add-apt-repository ppa:stebbins/handbrake-releases
sudo apt-get update
sudo apt-get install handbrake-gtk handbrake-cli

If you do not intend to use the command-line interface, you can skip handbrake-cli.

dvd::rip

dvd::rip is a DVD backup/copy program, written in GTK-based perl, that uses the transcode and ffmpeg video/audio processing and conversion tools. See the website for installation and official documentation. For other info, see this dvd::rip tutorial. Install: 

sudo apt-get install dvdrip rar

Acidrip

Acidrip is a DVD backup/copy program, written in GTK-based perl, that uses the Mplayer and Mencoder video/audio processing and conversion tools (and therefore yields the best quality DVD rips to an .AVI file with XVID video, for example). See the website for installation and official documentation. Install: 

sudo apt-get install acidrip

DVD Fab (DVD Ripper)

DVD Fab is the favoured DVD backup tool for today's DVD encryption methods. It must be run in Wine (since it is a Windows application). It comes as a fully featured 30-day trial, but see these instructions for fine-tuning the trial period.

Music Players

Rhythmbox

Rhythmbox is the default music player in Ubuntu (Gnome), relying on the Gstreamer framework.

Play Internet Radio through Rhythmbox

Internet radio can be played through Rhythmbox by installing the rhythmbox-radio-browser plugin: 

sudo apt-get install rhythmbox-radio-browser
  • Restart Rhythmbox and select the plugin:
Rhythmbox -> Edit -> Plugins -> Internet radio station browser (ticked) -> Library -> Radio browser

Note: Internet radio streams use many different ports. You must adjust your firewall to allow the ports over which the streams will be sent.

Amarok

Amarok is the default music player in Kubuntu. Install: 

sudo apt-get install amarok

Amarok themes

Amarok themes can be downloaded from KDE Look and installed.

  • Download the theme (ending in .tar.bz2) to your home directory (or chosen directory).
  • Amarok -> Settings -> Appearance -> Install New Style
  • Select the downloaded file.

Play Shoutcast Internet Radio through Amarok

Shoutcast internet radio can be played through Amarok 2.2 or later by installing the Shoutcast script:

Amarok -> Tools -> Script Manager -> Get more scripts -> Order by:Rating (ticked) -> Shoutcast service -> Install -> Restart Amarok -> Tools -> Script Manager -> Shoutcast service tralala (ticked) -> Ok -> Internet -> Shoutcast service tralala

Note: Internet radio streams use many different ports. You must adjust your firewall to allow the ports over which the streams will be sent.

Audacious

Audacious is a compact, fast music player that is a fork of XMMS. It resembles WinAmp and can use WinAmp and XMMS skins. It supports many plugins and is ideal for streaming content. Volume normalization (using ReplayGain) is a built-in option. Install: 

sudo apt-get install audacious

You can switch between the "PulseAudio Output Plugin" and the "ALSA Output Plugin" under

Audacious -> Preferences -> Audio -> Current output plugin.

Banshee Music Player

Banshee is a Gstreamer, Mono and Gtk-based music player for Linux and Mac OS X. It supports multiple mp3 players (including the iPod).There are plugins for podcasts, internet radio, and more. 

sudo apt-get install banshee

Exaile Music Manager and Player

Exaile is a GTK-based music player that supports many formats, incorporates a Shoutcast directory, a plugin for iPod, Last.FM support, tabbed playlists, and other features. Install: 

sudo apt-get install exaile

Songbird Music Player

Songbird is an open source music player from Mozilla with an appearance meant to resemble iTunes. It is in current development and does not yet have full support for mp3 players (such as the iPod). It incorporates a Shoutcast internet radio interface. The current beta version can be downloaded from the website.

aTunes

aTunes is a Java-based player designed to be similar to iTunes. Installation instructions are here.

Multimedia Players

Most current video multimedia players play many video formats, including the Flash video .flv format.

MPlayer Multimedia Player

Mplayer is a video player with a wide range of formats supported (including RealMedia and Windows-codecs) and a wide variety of outputs. 

sudo apt-get install mplayer

SMPlayer

SMPlayer is an enhanced frontend for MPlayer. 

sudo apt-get install smplayer

Dump a video stream to disc

You can dump a video stream to disc using Mplayer: 

mplayer -dumpstream streamurl

If you don't know the exact URL of the stream you wish to save, you can discover it from the webpage it is embedded in by using the Firefox add-on UnPlug. Do not save streams that are illegal to download.

VLC Multimedia Player

VLC is a cross-platform multimedia player that supports many formats without need for additional codecs. It can not only receive video streams (also see here to convert it to mp4), but can act as a server for video streams, as well. It is one of the only players that can view and backup almost any DVD format, no matter which copy protection is used. See these tips for using VLC to backup/rip encrypted DVDs. 

sudo apt-get install vlc vlc-plugin-pulse

VLC plugins

There are many VLC plugins. You will likely only need to install a few of them, however, depending on your hardware and input/output configuration: 

sudo apt-get install vlc-plugin-ggi vlc-plugin-jack vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svgalib mozilla-plugin-vlc vlc-plugin-esd


Xine-UI Multimedia Player

Xine UI is a multimedia player based, of course, on the xine platform. It can also play streamed video from the Internet and supports most formats, including some uncommon ones. 

 sudo apt-get install xine-ui

Kaffeine Video Player

Kaffeine is the default video player in Kubuntu. Install: 

sudo apt-get install kaffeine

RealPlayer 11 Multimedia Player

The Linux Realplayer is actually based on the open-source Helix player. Helix itself can be installed as a package easily (read Helix plug-in) and used instead of Realplayer. These instructions are to install the proprietary version of RealPlayer only.

Download Real Player official linux player

Open a terminal and cd to the directory you have downloaded realplayer's .bin file. Then issue the following commands 

chmod +x RealPlayer11GOLD.bin
sudo ./RealPlayer11GOLD.bin

When it asks for installation path enter /usr/local/RealPlayer

For all other questions just choose default by pressing enter.

If you have installed mozilla-mplayer package you will need to delete the mplayer firefox plugin for real player videos. Other wise all real player files will open with mplayer. For that please do this 

cd /usr/lib/firefox/plugins
sudo rm mplayerplug-in-rm.*

Please remember to restart firefox and when ever you click on a real player video choose the option open with and use /usr/bin/realplay

Internet TV

Miro Player

Miro Player (formerly Democracy TV Player) is an open-source Internet TV and video player that allows you to watch Internet TV and videos. Unlike other video players, it contains a structured guide that includes more than 2500 channels, has built-in BitTorrent, and has features that can automatically save videos, such as from YouTube. 

sudo apt-get install miro

Myth TV

See MythTV

Sopcast Internet TV

Sopcast is an interface to play live P2P video streams through the VLC media player. Install VLC first. This is a Chinese program and most content is hosted in China and may not be legal in your area. Please consult local regulations.

You can install the SopCast Player PPA using the following commands: 

 echo "deb http://ppa.launchpad.net/jason-scheunemann/ppa/ubuntu `lsb_release -cs` main" | sudo tee -a /etc/apt/sources.list
 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CD30EE56

If you are using Karmic or later: 

sudo add-apt-repository ppa:jason-scheunemann/ppa
sudo apt-get update
sudo apt-get install sopcast-player

Run:

Applications->Sound & Video->SopCast Player

Zattoo

Zattoo is a free Internet TV player that allows you to watch terrestrial television from various countries in Europe. See the Zattoo Download page for further instructions on installation. For screenshots and an alternate installation guide, see this UbuntuGeek guide.

  • Install dependencies first: 
sudo apt-get install libgtkglext1 adobe-flashplugin

 wget http://zattoo.com/release/download.php
  • Install the downloaded .deb package: 
sudo dpkg -i *.deb
  • Run Zattoo:
K -> Application -> Multimedia -> Zattoo Player
Note: you have to register for a free account when the player starts.

TV Time (TV Viewer)

TVTime allows the display of television and other digital inputs (made available to the computer by a video capture card). A plugin for the Remuco remote control (remuco-tvtime) is also available. Install: 

sudo apt-get install tvtime

ABC iView

Python-iView is a program that works with rtmpdump to record streams offered by ABC iView (Australia). Installation instructions are at the PPA repository.

BBC iPlayer

BBC iPlayer provides replays and downloads of BBC programs to UK residents. The BBC, however, has crippled its streams to prevent downloading and legal actions against iPlayer appear to be in progress. (Flvstreamer may be required for rtmp stream recording). To install a Flash 64-bit edition of iPlayer: 

sudo aptitude remove flashplugin-installer
sudo add-apt-repository ppa:sevenmachines/flash
sudo aptitude update
sudo aptitude install flashplugin64-installer
get_iplayer (BBC program recording)
  • get_iplayer allows BBC streams (through their iplayer service) for UK users, as well as Hulu streams for US users, to be recorded to mp4, wav and mp3 files (depending on content). Install v2.66 (may not work for all users): 
sudo apt-get install get-iplayer
  • To install a newer version: 
sudo apt-get install flvstreamer id3v2 libmp3-info-perl atomicparsley libwww-perl perl
wget ftp://ftp.infradead.org/pub/get_iplayer/get_iplayer-2.79.tar.gz
tar xvf get_iplayer-2.79.tar.gz
sudo ln -s iplayer-2.79/get_iplayer /usr/bin/get_iplayer

Note: When running this version, use get_iplayer instead of get-iplayer.

  • Add preferences: 
get_iplayer --prefs-add --modes=flashhd,flashvhigh,flashhigh,flashnormal,iphone
get_iplayer --prefs-add --flvstreamer "/usr/bin/flvstreamer"
  • Delete ~/.swfinfo: 
cd ~/.swfinfo
sudo rm *
cd ..
sudo rmdir swfinfo
  • See the website for usage or: 
man get-iplayer
  • Get a current listing of what's available and save it in the home directory 
get-iplayer >~/iplayer-listing.txt
  • Having found some interesting programmes (and noted the numbers found in the left-hand column), download them: 
get-iplayer --get 123 537
  • Some users will need to install rtmpdump for successful streaming.

Netflix Android App

A Netflix app for the Android market is available here. It must be installed in an Android environment.

Virtual Android OS

In Virtualbox (or QEMU, VMWare, or other virtual environment), install the Android-x86 OS using the installer burned to a CD or USB drive. Install the app.

Android SDK emulator

The 32-bit Linux Android Android emulator and SDK requires the Android SDK for Linux, ia32-libs, and sun-java6-jdk.

Internet Radio

Internet radio streams through different ports, so check your firewall if you are not able to play the streams.

Last FM

LastFM is a service for sharing music recommendations and individual radio streams. It is included as an option in Amarok, or can be installed separately: 

sudo apt-get install lastfm

Shoutcast Internet Radio

Shoutcast is the first and last free mp3 streaming service. Hundreds of radio streams can be played through Amarok, Audacious, or other multimedia player. Simply associate the .pls streams with your favourite player (Audacious or XMMS2 recommended).

StreamTuner Stream Directory Browser

StreamTuner lists streams available on the Internet through a GTK-based interface. It lists Shoutcast and Live365 streams, among others. Install: 

sudo apt-get install streamtuner

Streamripper

Streamripper is a standalone command-line utility to record online audio streams (primarily from Shoutcast). A GUI front-end for KDE is available. Install: 

sudo apt-get install kstreamripper

Media Centers and PVR (Personal Video Recorder)

There are a number of open-source Media Centers for Linux, some of which include personal video recorder functions. For a full list of open-source media centers, see this guide.

MythTV

MythTV is a media center with PVR (personal video recorder) for retrieving, recording, and playing broadcast and Internet TV and other multimedia content. It has many options and plugins for expansion. To be useful, you will need a compatible TV tuner card. For setup tips, see this guide. Install: 

sudo apt-get install mythtv

Mythbuntu

Mythbuntu is an integrated Ubuntu (Xubuntu) desktop optimised for MythTV usage. In can be used instead of adding MythTV to a Ubuntu desktop.

XBMC

XBMC is a free, mature, open-source cross-platform media center. It does not have a PVR capability nor as many functions as MythTV, but has a very nice interface. 

deb http://ppa.launchpad.net/team-xbmc-intrepid/ubuntu intrepid main
deb-src http://ppa.launchpad.net/team-xbmc-intrepid/ubuntu intrepid main
  • Install: 
sudo apt-get update
sudo apt-get install xbmc

Boxee

Boxee is an XBMC-like open source package to allow streaming video over the Internet, including from YouTube and other sites. It is a fork of XBMC, and is still in alpha development and testing stage. It is currently available for 32-bit systems only, and recommended for Hardy. A current version is anticipated soon. (Note: Boxee does not run Netflix on Linux, despite their ads). See these download instructions.

Elisa

Elisa is a cross-platform media center that uses the Gstreamer multimedia framework. Commercial plugins are available from Fluendo. It supports PVR and Music Jukebox . Install: 

sudo apt-get install elisa

LinuxMCE

See LinuxMCE.

Multimedia Servers

MPD Multimedia Playing Server

MPD is a music server meant for LAN usage. It can be controlled from remote clients. It can also stream internet streams.

TiMidity++ MIDI Sound Server

TiMidity is a MIDI software synthesizer required by several games and other MIDI-dependent applications. 

sudo apt-get install timidity

uShare UPnP A/V Media Server

uShare is a UPnP media server compatible with the Xbox360 and PS3. 

sudo apt-get install ushare

Also see: How-to: Run uShare at Startup.

Home Automation / Home Theater / Home Security

Complete Systems

Linux MCE (Media Center Edition)

LinuxMCE is an integrated home theater/home security/home automation/telephone PBX/intercom system for your home. It incorporates MythTV, Pluto home automation, Motion security surveillance, Asterisk PBX, VDR video disk recorder, and other home automation/security/theater packages in an integrated platform. It is available in 32 and 64 bit versions. LinuxMCE can run either as a standalone Home Theater PC or can co-ordinate a fully networked home, using the networking capabilities that are intrinsically part of the Kubuntu Linux OS. For more info see the LinuxMCE website or wiki.

The most recent stable version runs on Kubuntu 8.04 (Hardy). A beta version for Kubuntu 10.04 (Lucid) has been released, and the full version is anticipated soon. LinuxMCE can be installed at the same time as the Kubuntu OS (on a new PC with an nVidia graphics card), with a single DVD installation. Alternatively, Kubuntu can be installed first and LinuxMCE then installed from a 2 CD installation.

Other systems in development

  • Minerva -- home automation and multimedia control with a GUI interface. It can even hook into Google Calendar.
  • DomotiGa -- home automation software from the Netherlands, using a MySQL database.
  • NetHomeServer is a Java-based cross-platform automation system authored by a single coder. It is in alpha development but can be downloaded from the website and evaluated.
  • The Wosh framework is message-based middleware to effect home automation processes. the project is in early development.
  • Linux Home Automation contains information regarding many nascent home automation projects.

Home Security

Zoneminder surveillance system

Zoneminder manages surveillance cameras and stores images on the hard disk. Images can be viewed using a (LAMP) server remotely. X10 devices can be triggered using built-in perl scripts. Install: 

sudo apt-get install zoneminder ffmpeg
Myth Zoneminder

MythZoneminder allows you to view your security cameras through Myth TV, essentially. It is a plugin that interfaces the two packages Zoneminder (which must be working on your system) and Myth TV (which must also be working.) See the installation instructions. Install: 

sudo apt-get install mythzoneminder

Office Suites

Open Office

Open Office is installed by default in older versions of (K)Ubuntu, with Writer (Word equivalent), Presentation (PowerPoint equivalent), Calc spreadsheet (Excel equivalent), and Base relational database (Access equivalent).

Open Word 2007 Documents in Open Office

The latest edition of OpenOffice opens .docx (i.e. Word 2007) documents by default.

LibreOffice

LibreOffice is a free and open source (GPL-licensed) office suite similar to OpenOffice. Install: 

sudo add-apt-repository ppa:libreoffice/ppa
sudo apt-get update
sudo apt-get install libreoffice libreoffice-gnome

KOffice

The KOffice suite is part of the KDE project and is meant to provide the capabilities of the OpenOffice suite without the licensing restrictions of OpenOffice. It can be used in any version of Ubuntu. Install: 

sudo apt-get install koffice

AbiWord

AbiWord is a fast, collaboration-enabled word processor. For the most current version see the AbiWord web site. To install from the repositories: 

sudo apt-get install abiword

GoldenDict (Multi-lingual Dictionary and Translator)

GoldenDict is multi-lingual dictionary and translator that supports Babylon and StarDict translation dictionary files and has multiple modular plugins. Install: 

sudo apt-get install goldendict

Xournal

Xournal is a free (GPL-licensed) GTK/Gnome-based application for notetaking, sketching, or keeping a journal using a stylus. Install (universe repositories must be enabled): 

sudo apt-get install xournal

PDF Files

PDF is the file format used by Adobe Acrobat (which can be read by many e-book readers as well). There are many PDF-oriented utilities available in Ubuntu. In the Synaptic Package Manager, search for "pdf".

Print to a PDF file

(K)Ubuntu allows printing of any document to the PDF format by default. From any application:

File -> Print -> Print to File -> Output: PDF

View a PDF document

Evince is the default PDF document viewer in Ubuntu. PDF files are associated by default with Evince, so clicking on a PDF file (from a file manager such as Nautilus) will open it with Evince. Evince can also be started:

Menu -> Office -> Evince

Scan to a PDF file

Gscan2pdf is a utility to do exactly that: scan to a PDF file. Multiple options for scanning can be set. Install: 

sudo apt-get install gscan2pdf

PDF-Shuffler (PDF file management)

PDF-Shuffler is a free GTK-based utility to manipulate multiple PDF files, allowing individual pages or entire PDF documents to be re-arranged, rotated, merged, or deleted. This is an essential tool for working with PDF files. Install: 

sudo apt-get install pdf-shuffler
Run:
Menu -> Office -> PDF-Shuffler

MaxView (PDF file management)

MaxView is a utility to capture, manipulate and rearrange, and print .pdf and .max files. Written in Qt, it is similar in some respects to Paperport.

  • Download and install the .deb package (use i386 instead of amd64 if using a 32-bit OS): 
wget -O maxview_current.deb http://sourceforge.net/projects/maxview/files/maxview0.7-2/maxview_0.7-2_amd64_maverick.deb/download
sudo dpkg -i maxview_current.deb
  • Start MaxView in a GUI by creating a menu item with the Command: maxview /home/user, where /home/user is the directory in which you wish MaxView to start.

PDFMod (PDF file management)

PdfMod is a Gnome-based application to reorder, rotate, and remove pages, export images from a document, edit the title, subject, author, and keywords, and combine documents via drag and drop. Install: 

sudo add-apt-repository ppa:pdfmod-team/ppa
sudo apt-get update
sudo apt-get install pdfmod

PDFedit (PDF file editor)

PDFedit is a free (GPL-licensed), Qt-based PDF file editing and manipulation program that uses a GUI for editing. Install: 

sudo apt-get install pdfedit

Import PDF files into a word processor

Import PDF files into OpenOffice Writer

PDF files can be imported into the OpenOffice Writer word processor as a hybrid document (not a scanned character document) by installing: 

sudo apt-get install openoffice.org-pdfimport
Import PDF files into KWord

Kword is the Word Processor package in KOffice. It allows the importing of PDF files by default.

PDF-XChange (PDF file editor)

PDF-XChange is a free Windows-based application to view, modify, or perform simple editing of PDF files. It works under Wine.

eBooks

FBReader (e-book reader)

FBReader is a free cross-platform e-book reader, based on the GTK platform. Install: 

sudo apt-get install fbreader

Calibre (eBook conversion)

Calibre is an eBook reader, library manager, and tool for conversion between many eBook formats (including the .epub format). Install: 

sudo apt-get install calibre
  • eBook conversion examples and tips are here.

Sigil (eBook editing and conversion)

Sigil allows creation and editing of an eBook in .epub format and conversion from other formats. Download and install the binary from the website.

eCub (eBook editing and conversion)

eCub allows creation and editing of an eBook in .epub format and conversion from other formats. Download and install the .deb package from the website.

Personal Information Managers

Kontact Personal Information Manager

Kontact is the default PIM included with Kubuntu. Kontact includes email, an address book, a calendar, reminders, pop-up notes, a link to the Akregator News/RSS reader, time-tracking, and more. Its many functions resemble MS-Outlook. Through connectors it interfaces with many groupware servers (such as Kolab and eGroupware). Install: 

sudo apt-get install kontact

Mozilla Sunbird (Calendar)

Sunbird is a standalone group calendar client that in the future will be replaced by the Lightning extension for Thunderbird and Firefox. (It is available in a 64-bit and 32-bit version, whereas the Lightning extension is currently only available in a 32-bit version.) Download from the website and install by clicking on the downloaded file to extract, or: 

sudo mkdir /etc/sunbird
cd /etc/sunbird
sudo wget -O sunbird-current.tar.bz2 http://download.mozilla.org/?product=sunbird-1.0b1&os=linux64&lang=en-US
tar -xvjf sunbird-current.tar.bz2
Replace os=linux64 with os=linux if using a 32-bit OS.
  • Then create a menu item named Sunbird to point to the Command: /etc/sunbird/sunbird

BasKet Note Pads

BasKet Note Pads is a personal note-taking application that resides on your computer and can be used for creating "to-do" lists. It is great for centralising your thoughts in one place. Install it: 

sudo apt-get install basket

Planner (Project planning & management)

Planner is an MS-Project-like planning and management tool. 

sudo apt-get install planner

Time Tracker

You can keep track how long you use an application with TimeTracker. Keep records for billing or simply limit your Internet usage.

Financial Software

For a brief introduction, see this list of 10 Linux financial tools.

KMyMoney (Personal Finance Management)

KMyMoney is a personal finance manager that uses double entry accounting, the method professional accountants use. It is similar to MS-MyMoney and Intuit Quicken, with automatic setup of categories for businesses. It is designed for the KDE/Kubuntu desktop (but will work in Gnome/Ubuntu). Install: 

sudo apt-get install kmymoney2

GnuCash (Personal Finance Management)

GnuCash is a free, open source GPL-licensed personal finance manager that uses double entry accounting like professional accountants. It is GTK-based (Gnome 2). The current version can be installed from source files (see the website for installation instructions), or the package version can be installed: 

sudo apt-get install gnucash

Skrooge (Personal Finance Management)

Skrooge is a free, GPL-licensed personal finances manager written for the KDE desktop that is able to import/export data to/from many other finance managers. 

sudo apt-get install skrooge

Moneydance (Personal Finance Management)

Moneydance is a commercial cross-platform Java-based personal finance manager similar to KMyMoney that sells for $50 per license.

SQL-Ledger (Enterprise Finance Management)

SQL-Ledger ERP is a free, open-source, platform independent double-accounting-method system and enterprise resource planner (inventory, work and purchase orders, taxes, etc.) that uses the SQL database server (PostgreSQL/Oracle/Mysql databases). It uses a web browser for an interface and be accessed remotely. It is extremely comprehensive and is available in many languages. Install: 

sudo apt-get install sql-ledger

LedgerSMB (Enterprise Finance Management)

LedgerSMB is a fork of the SQL-Ledger project that offers fairly solid AR, AP, and GL tracking as well as inventory control. It is in rapid development and encourages community support. A Debian (.deb) package is available here.

WebERP (Enterprise Finance Management)

WebERP is a free, open-source enterprise resource planner and accounting suite similar to SQL-Ledger that uses a web browser as an interface. It runs on the LAMP server. It is somewhat difficult to implement and use, but conforms to strict accounting guidelines. Set up your LAMP server first, then install using the web site instructions.

Phreebooks (Enterprise Finance Management)

Phreebooks is a free open-source enterprise resource planner and accounting suite similar to WebERP. It also runs on a LAMP server. It is in active development in 2008. A demo is available at the website.

Quasar (Enterprise Finance Management)

Quasar is a proprietary Linux-based accounting suite similar to Quickbooks. For a single user without point-of-sale or networking needs, it is free. For other users it costs CA$500 per seat. An installer for KDE-based systems is here.

Stock Market monitoring software

  • BeanCounter - A stock portfolio performance monitoring tool. Install: 
sudo apt-get install beancounter
  • Smtm - Show Me The Money is a configurable Perl/Tk stock ticker program. Written by the creator of BeanCounter. 
sudo apt-get install smtm
  • Qtstalker - commodity and stock market charting and technical analysis 
sudo apt-get install qtstalker

Groupware

Groupware solutions include shared calendars, group email servers, groups address lists, group projects, and internal messaging. They require (one or more) servers with LAMP or similar server stacks.

Groupware Servers

Groupware servers are meant to operate on a server platform. You should install the server version of Ubuntu (in the interest of speed) for a dedicated groupware server. Read Servers.

Kolab

Kolab is the most comprehensive open-source groupware solution available and is distributed as a multi-platform solution. (It integrates easily with both Ubuntu (including Evolution) and KDE/Kubuntu (including Kontact).) It is free and open source with a GPL license (unlike other groupware solutions), yet enterprise support is also available. It is scalable to large organizations and is Outlook (MS-Exchange) and Mozilla compatible. This is a German package, however, and documentation in English can occasionally be limited. The Kolab website provides its own instructions for installation from source (currently v. 2.2). Version 2.2 includes the Horde web interface. The current beta Debian package instructions are here or the OpenPkg installation instructions are here.

  • Note: Kolab uses its own server components, and it is best to run Kolab on a dedicated server. However, it is possible to run other servers on the same machine, as long as you choose alternate ports if the server modules conflict.
  • Install the compiler and other necessary stuff: 
sudo apt-get install build-essential

Kolab Ubuntu package

  • There is an Ubuntu/Kubuntu package for the new version of Kolab (v. 2.2), but no documentation support for it yet exists. Install: 
sudo apt-get install kolabd

Manual Kolab installation

  • Make a directory for the Kolab installation and make it universally accessible: 
sudo cd /
sudo mkdir /kolab
sudo chmod 777 /kolab
  • Optional: If you wish to mount kolab in its own partition, then create a new partition (using Gparted, for example). Figure out the device name of your extra partition: 
sudo fdisk -l
It should be something like /dev/sda3.
Mount /dev/sda3 (or whatever your partition is) as /kolab by editing /etc/fstab: 
sudo nano /etc/fstab
and adding the line: 
/dev/sda3  /kolab  ext3  defaults,rw 0 0
then reboot and make sure there are no errors.
  • Make a directory into which to download kolab: 
cd /tmp
mkdir /kolabtmp
  • Download all the current Kolab files: 
cd /tmp/kolabtmp
wget -r -l1 -nd --no-parent http://files.kolab.org/server/release/kolab-server-2.2.2/sources/
  • Install Kolab (as root using sudo -s): 
sudo -s
sh install-kolab.sh 2>&1 | tee kolab-install.log
  • Reboot your system.
  • Stop Kolab services and run the configuration utility: 
sudo /kolab/bin/openpkg rc all stop
sudo /kolab/sbin/kolab_bootstrap -b
Obviously, you should know all your details, such as your fully qualified host name (which you can determine from hostname -f), domain details, etc., before doing this step. If you are not familiar with OpenLDAPand LDAP basics, you should learn about it, as Kolab uses the slapd OpenLDAP server daemon.
  • Restart all Kolab services: 
sudo /kolab/bin/openpkg rc all start
  • Login to the web administrator interface using "manager" and the password you set at bootstrap configuration: 
https://yourhost.yourdomain.name/admin

Citadel

Citadel is a turn-key fully open source groupware solution (that is both KDE and Kolab-1 compliant). Based on a bulletin-board framework spanning over 20 years, it is user friendly and interfaces with both KDE and Gnome apps and also has a web-based client. It is also WebDAV compliant and can be used with Thunderbird.

  • Install the Citadel server: 
sudo apt-get install citadel-server
  • Install the Citadel client: 
sudo apt-get install citadel-client
  • Install both: 
sudo apt-get install citadel-suite

eGroupware

eGroupware is a robust and stable free open source groupware solution (with GPL license) based on the LAMP stack (the default server stack included with Ubuntu Server) and the Postfix mail server (both of which should be installed first). There is a new version recently available, with a new corporate sponsor in Germany and a commercial enterprise version. Compatibility with many clients has been improved. Egroupware provides the easiest installation and quickest setup time of all groupware solutions. Much of the documentation for the current version, unfortunately, is not in English. 

sudo apt-get install egroupware

Open-Xchange

Open-Xchange is a proprietary groupware solution (meant as an MS-Exchange replacement) that has released a "community edition" based on commercial versions. The latest .deb package is for Hardy Heron 8.04. It is compliant with many different types of clients, including Kontact, Outlook, and Palm PDAs. Installation instructions are at the website and are not trivial.

OpenGroupware

OpenGroupware is a groupware solution based on the postgreSQL database. There is an enterprise version and a limited open source version, and development appears to have been stagnant in 2008. Installation must be from source, as packages are very outdated. See the website for details.

Zarafa

Zarafa is the leading European MS-Exchange replacement/groupware solution. It is proprietary, but a GPL-licensed (except for trademarks) free open-source community edition was released in 2008. Download instructions are available from the website.

Zimbra

Zimbra is a proprietary groupware solution (now owned by VMWare) that offers an open source "community edition". Although currently free, the community edition is limited in features and does not have a GPL license. All submitted modifications and contributions become the property of VMWare. See the Zimbra wiki.

A Beta version for Lucid Lynx 10.04 LTS is available for 64-bit users, or the older Hardy 8.04 version can be used.

SchoolTool

SchoolTool is a free open source groupware solution for use in primary and secondary schools which includes calendaring, gradebooks, attendance records, and student information databases. It was created with the help of the Shuttleworth Foundation (which also sponsors Ubuntu). See these installation instructions.

SugarCRM Community Edition

SugarCRM is a customer-relationship management system that is used to co-ordinate a sales force (sales, marketing, support, project management, calendaring). SugarCRM has a community edition that is one of the most widely used. A LAMP server stack should be installed first ( sudo tasksel install lamp-server ). Extract SugarCRM to /var/www and then logon to http://localhost/SUGAR-FOLDER. Alternatively, for a new server SugarCRM provides a (binary) integrated installation of the LAMP stack with the SugarCRM Community Edition.

Groupware Clients

Many groupware solutions have connectors to interface with clients such as Kontact/KMail and Mozilla Thunderbird (or SeaMonkey).

Evolution Exchange

The Evolution Exchange connector adds connectivity (using Outlook Web Access) to the Evolution suite for MS Exchange 2000 and 2003. Install: 

sudo apt-get install evolution-exchange

Kontact Personal Information Manager

The Kontact Personal Information Manager, included in Kubuntu by default, interfaces with many groupware servers.

KDE Groupware Wizard

Kubuntu provides a wizard (script) to help clients (such as Kontact/Kmail) connect to a groupware server. Currently supported groupware servers are Kolab, eGroupware, SUSE Linux Openexchange, and Novell Groupwise.

Zimbra Desktop

Zimbra Desktop is a desktop that collaborates with Zimbra servers. See the Zimbra Desktop FAQ. For more info also see this Ubuntu Forums Zimbra Desktop Installation thread.

Oracle Calendar Desktop Client

The Oracle Calendar Desktop Client is proprietary calendaring software for use with Oracle groupware/database systems.

Download Oracle Calendar Desktop Client: 

wget http://www.k-state.edu/infotech/calendar/oracle-10-clients/DesktopClients/Linux/cal_linux_1011.tar.gz

Extract: 

tar -xvf cal_linux_1011.tar.gz

Change into the extracted files directory: 

cd OracleCalendar_inst/

Prepare the files: 

mv cal_linux cal_linux.bak; cat cal_linux.bak | sed "s/export LD_ASSUME_KERNEL/#xport LD_ASSUME_KERNEL/" > cal_linux; rm cal_linux.bak

Change permissions: 

chmod +x gui_install.sh cal_linux

Start the GUI installer: 

sudo sh gui_install.sh

Group Calendars

DAViCal Calendar Server

DAViCal is a CalDAV, postgreSQL, Apache and php-based shared Calendar server that works with Mozilla Thunderbird/Lightning/Sunbird, Evolution, and other calendar clients. Install: 

sudo apt-get install davical

Then see these detailed installation instructions.

Darwin Calendar Server

Darwin Calendar Server is an open-source port of Apple's CalDAV-based calendar server that works with Mozilla Thunderbird/Lightning/Sunbird, Evolution, and other calendar clients. Install version 1.2 from the repositories (then see the website for usage instructions): 

sudo apt-get install calendarserver

WebCalendar

WebCalendar is an ICS-based server for group calendars that can use many different databases as the backend, is written in PHP, and is compatible with clients such as Sunbird/Thunderbird (Lightning), Apple iCal, and Evolution. The newest version can also be viewed using RSS clients. See the website and the wiki for installing the newest (1.2) version. Install the older (1.05) version from the repositories: 

sudo apt-get install webcalendar

Mail servers

Postfix / Dovecot (Mail Server)

Postfix is a free open source mail server. It interfaces directly to Dovecot, the free open source IMAP and POP3 server. For more information see the official Ubuntu documentation. The dovecot-postfix metapackage installs the components and customizes the configuration files to use the Maildir (mail spooling) folder system by default. Imap and Pop3 modules, SMTP, and SASL/TLS (with self-signed certificates) are installed by default. 

sudo apt-get install dovecot-postfix

For tips on setting up a personal mail server, see here.

iRedMail

iRedMail is an integrated package that includes Dovecot, Postfix, a choice of OpenLDAP (with phpLDAPAdmin) or MySQL for the database, Roundcubemail or Squirrelmail for web-based mail access, phpAdmin, PostfixAdmin, and AWStats. It is optimized for Lucid 10.04 LTS and is best installed on a fresh server (since it resets many email configuration files). There is a community edition with many of the features of the commercial edition.

Wiki software

Wiki software allows an organization to have a manual that can be edited by a number of collaborators. Wikipedia is the best known example.

MediaWiki

MediaWiki is the free, open source server software that Wikipedia uses. It is scalable to very large uses. It runs on the LAMP server stack (which uses the MySQL database and is available as an installation option with the (K)ubuntu server), or it can be used with a postgreSQL database. See these detailed instructions. (Other instructions are also available here.) Install from the repositories: 

sudo apt-get install mediawiki
  • Edit the config file so it recognizes MediaWiki: 
sudo nano /etc/mediawiki/apache.conf

Uncomment (remove the #) the line: 

Alias /mediawiki /var/lib/mediawiki
  • Restart apache2: 
sudo /etc/init.d/apache2 restart
  • Run/install MediaWiki by logging into: 
http://localhost/mediawiki
You will be prompted for configuration variables to be set. The trickiest is the MySQL user/password. Hopefully you remember your MySQL superuser that you set at the time of LAMP (or MySQL) installation.
  • Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original): 
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_at_install.php

Edit your configuration variables there: 

sudo kate /etc/mediawiki/LocalSettings.php
  • If you are using a virtual host server, make a symbolic link (named in this example mywiki) from your /usr/share/mediawiki installation folder to your /var/www folder: 
sudo ln -s /usr/share/mediawiki /var/www/mywiki

then make sure you have an apache2 virtual hosts configuration file (in /etc/apache2/sites-available) that points to /var/www/mywiki as the DocumentRoot. Make a symbolic link from your virtual host configuration file in /etc/apache2/sites-available to /etc/apache2/sites-enabled to enable it. Restart apache2 after enabling the sites. (Warning: MediaWiki is not secure at installation and can be easily hacked by new users. Do not publish your wiki to the Internet before reading all the instructions and changing the configuration file (LocalSettings.php) so that it is more secure.) You would then access the database at: 

http://my.virtualwikihost.org

Twiki

Twiki is an open source wiki engine used by many small to medium size companies internally. It has an active development team with multiple plugins. See the website for installation instructions. Install: 

sudo apt-get install twiki

Moin Moin

Moin Moin is free, open source (GPL-licensed) wiki software written using Python, with a large community of users, including the Apache, Debian, and Ubuntu wikis. See these Ubuntu installation instructions. Install: 

sudo apt-get install python-moinmoin

TiddlyWiki

TiddlyWiki is an open source personal wiki. It is ideal for creating a list of things to do, note taking, or as a collaboration tool for a small team. It is a single HTML file that can reside on your computer or can even be uploaded to a web server and be used as a simple website. It is developed using a Firefox browser as an interface. Installation instructions are on the website.

Web Publishing

Drupal (Web content publishing)

Drupal is the leading open-source website creation and content collaboration tools. A modular approach to website building, from simple out-of-the-box websites to complex sites is possible with a short learning curve. Get more info on how to get started. Drupal requires an installation of a LAMP server stack; if you have not already installed LAMP, it will be installed along with Drupal. I have found it easier to use the MySQL database (the "M" in LAMP), but Drupal can also integrate with PostgreSQL if you have it installed.

Drupal7

Drupal7 is available as a Debian package here.

The package for your system (32-bit or 64-bit) can be downloaded and directly installed on a newer (K)Ubuntu OS, or the Debian repository can be added (as mentioned in the instructions on the download page) and then the package installed using a package manager such as Synaptic or KPackageKit.

Drupal6 (Web content publishing)

Drupal6 is available as a package, or from the command-line terminal: 

sudo apt-get install drupal6
  • After everything is installed (and the problems below sorted out), restart the apache2 server: 
sudo /etc/init.d/apache2 restart
  • Finish installation through your browser: 
http://localhost/drupal6/install.php

You can then also see these installation tips for installing through the browser, then see these Drupal site building tips. A Drupal/Ubuntu users group is found at Drubuntu.

Installation quirks
Exim vs. Postfix

Exim and Postfix are mail handlers. I had installed Postfix at the time I installed my Ubuntu server (but was not using it). But Drupal6 uses Exim and therefore removes Postfix at installation and installs Exim instead. Therefore, it is better not to use Drupal6 on a mail server that uses Postfix.

WordPress

WordPress is a popular free open source web content manager that started as a blog tool and now incorporates many publishing elements. For bloggers and small to medium-sized websites, WordPress provides the fastest installation and customization process with many modules. WordPress requires an installation of a LAMP server stack first. Then install: 

sudo apt-get install wordpress
  • Make a symbolic link from your Apache2 www folder to your installation folder and install a new MySQL database named localhost to use with WordPress: 
sudo ln -s /usr/share/wordpress /var/www/wordpress
sudo bash /usr/share/doc/wordpress/examples/setup-mysql -n wordpress localhost

Note: If you already know the name of your (virtual) host URL for WordPress, then use it as the name of your database instead of localhost. For example, my URL is mysite_x.homeserve.org so my command is: 

sudo bash /usr/share/doc/wordpress/examples/setup-mysql -n wordpress mysite_x.homeserve.org
  • If you will access your WordPress server through a virtual host, then create your virtual host configuration file in the /etc/apache2/sites-available folder. Once you have edited the file, make a symbolic link from it to the /etc/apache2/sites-enabled folder. Restart apache2: 
sudo /etc/init.d/apache2 restart
  • Install WordPress through a browser:
http://localhost/wordpress
or, if you are using a virtual host:
http:/mysite_x.homeserve.org/wordpress

Note: The Jaunty repositories contain version 2.7.1, which is subject to a security worm. If you install this version, please update immediately to the current version from the Tools -> Upgrade menu. (Alternatively, install the current source version from the website.)

For the automatic updater to work, all the WordPress files, folders, and subfolders must be owned by www-data (which is also the owner of the apache2 process) prior to updating. 

sudo chown -R www-data /usr/share/wordpress

Joomla (Web content publishing)

Joomla is a powerful open source website creation and content management tool that allows website creation for use in every arena from the simple to complex corporate environments. Info for beginners is a good place to start.

Scribus (Desktop publishing)

Scribus is an open-source package that provides professional-appearing desktop publishing. 

sudo apt-get install scribus

Plone (Content Management System)

Plone is a free, open source (GPL-licensed) multi-platform content management system used by many large organizations around the world. It is available with an integrated installer here. Some users have had some difficulties in Jaunty, due to changes in Python.

Gallery (Photo album website)

Gallery is a PHP-based method of presenting a photo album on a website. A Drupal interface is also available for Gallery2. Install: 

sudo apt-get install gallery2

phpBB (Forums)

phpBB is the leading open source platform for Forums. A LAMP server stack (or PostgreSQL database instead of MySQL) will be required and should be installed first. Then make sure the universe repositories are enabled and install: 

sudo apt-get install phpbb3

Distance teaching

Moodle

Moodle is a free open source platform for hosting online learning courses. It can be integrated with webinar software. A LAMP server installation is required (sudo tasksel install lamp-server). Also find free Moodle themes here. Install: 

sudo apt-get install moodle
  • Database server software for Moodle: mysql-server -> follow remainder of instructions. Assuming the database is hosted on the same computer as the one Moodle is being installed upon, accept localhost for the options when prompted.
  • Edit Moodle configuration options (if needed). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.): 
sudo kate /etc/moodle/config.php
  • Edit Moodle apache2 configuration file (if needed). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.): 
sudo kate /etc/moodle/apache.conf
  • Finish installation through the browser. (I recommend the "unattended" installation.)
http://localhost/moodle/admin

For more information, see these detailed tips. Moodle can also be integrated with other CMS systems, as well.

Claroline

Claroline is a free open source platform for hosting e-learning courses and online student collaboration. A LAMP server installation is required. Installation is from source files available at the website, with instructions found here.

Dokeos

Dokeos has a free learning platform, but also a medically-oriented proprietary platform that includes modules for case presentations and imaging. It is widely used in Europe.

Software Development

Kompozer Web Development Editor

Kompozer is a Gecko-based web authoring system that combines web page editing with web file management in a WYSIWYG manner. It supports XML, CSS, and JavaScript in an XUL architecture. 

sudo apt-get install kompozer

Quanta Plus (Web IDE)

Quanta Plus is an integrated development environment integrated with the KDE desktop. It allows webpage development, database design, and XML design and scripting, for example, using multiple development tools. The latest stable version is 3.5, however, and integrates with the KDE 3.5 environment (Ubuntu Hardy Heron). You should therefore use Ubuntu Hardy Heron with this product. (There is also a commercial version (Quanta Gold), also oriented towards KDE 3). 

sudo apt-get install quanta kompare kxsldbg cervisia

Netbeans IDE

Netbeans is a free open-source integrated development environment used to create applications using Ajax, Ruby, pHp, Groovy, Java, Javascript, C++, and other scripting tools. 

sudo apt-get install netbeans

BlueFish Web Development Editor

BlueFish is a GTK-based (Gnome-oriented) editor to write websites, scripts and programming code. It supports perl, Python, pHp, CSS, XML, Java, Javascript, C, SQL, and other formats. 

sudo apt-get install bluefish

Gobby (Multi-user development)

Gobby is a free, multi-platform open source collaborative editor supporting multiple documents in one session and a multi-user chat. Install: 

sudo apt-get install gobby

Eclipse IDE

Eclipse is a free open-source cross-platform integrated development environment with plugin support for a large set of programming languages, e.g. Java, C/C++, Python, PHP. 

sudo apt-get install eclipse

Version control software

Copies of software being developed at many different locations require a method to ensure that the multiple distributed copies remain synchronized. This can be done using a central repository or using a distributed synchronization technique. For further information, see the official Ubuntu documentation. Several version control platforms exist:

Git

  • Git allows distributed synchronization and is currently one of the most widely used systems. Also see the Ubuntu community documentation. The git client can be installed: 
sudo apt-get install git
and the gitosis server software: 
sudo apt-get install gitosis

SparkleShare (Git frontend)

SparkleShare is a Git repository server/client frontend. Installation is by adding a PPA repositoryand then installing: 

sudo add-apt-repository ppa:warp10/sparkleshare 
sudo apt-get update
sudo apt-get install sparkleshare

Personal repositories

(K)Ubuntu uses Debian (.deb) packages. Individuals or organizations can create repositories for personal or specialized use. See the Debian wiki introduction. Also see this Ubuntu community advice and this.

mini-dinstall

Using mini-dinstall with dput, a simple repository can be created. This can then be copied to an online server for public or private access. See this tutorial and this.

Debarchiver

DebArchiver is a command-line utility that allows the creation of a folder-based repository. Instructions are from man debarchiver. Install: 

sudo apt-get install debarchiver

FTP (online file transfer)

Also see these FTP tips.

WebDAV (online folders)

Maps and GPS

Google Earth

Google Earth gives you an annotated eagle's eye view of our planet. This is a free proprietary package (you must accept the license to use this package). 

sudo apt-get install googleearth-package
make-googleearth-package --force
Doubleclick on the resulting .deb file.
-- or --

To install the latest Linux binary, download and save the GoogleEarthLinux.bin (currently version 5 ) package from Google Earth downloads. (You may alternatively download the previous version (4.3), named googleearth-linux-plus-4.3.7284.3916.bin or something similar.) 

wget http://dl.google.com/earth/client/current/GoogleEarthLinux.bin

Then install: 

chmod +x GoogleEarthLinux.bin
./GoogleEarthLinux.bin

Run:

K menu -> Internet -> Google Earth 3D planet viewer

You should turn off the Google Earth -> View -> Atmosphere setting, or you might see clouds everywhere and the ground won't show up.

Troubleshooting

  • If Google Earth opens, shows the splash screen, and then crashes, you’re probably experiencing a common issue. Running ~/google-earth/googleearth in a terminal will show this error:

./googleearth-bin: relocation error: /usr/lib/i686/cmov/libssl.so.0.9.8: symbol BIO_test_flags, version OPENSSL_0.9.8 not defined in file libcrypto.so.0.9.8 with link time reference

To fix this, browse to the folder you installed Google Earth into. (If you installed manually, this will be google-earth in your home folder.) Find the file libcrypto.so.0.9.8 and rename it to something else, like libcrypto.so.0.9.8.bak. Google Earth should now start correctly. 

cd ~/google-earth
sudo mv libcrypto.so.0.9.8 libcrypto.so.0.9.8.bak
sudo ln -s /usr/lib/libcrypto.so.0.9.8 ~/google-earth/libcrypto.so.0.9.8
(Note: You can also specify /home/user/google-earth instead of ~/google-earth ).
  • On my display, I had to disable desktop effects (K menu -> System -> System Settings -> Desktop -> Desktop Effects) to get the display to work.

For other issues, see the Ubuntu help pages on Google Earth. Be careful of some of the suggestions there.

For example, if you turned on OpenGL desktop effects (using K Menu -> System Settings -> Desktop -> Desktop Effects -> General -> Advanced Options) and your display goes blank and you can't restore it, you will have to edit the settings file manually from the command-line to reset your mistake. 

nano ~/.kde/share/config/kwinrc

In the section title [Compositing], under the line Backend=OpenGL (or whichever backend you had selected) change the line below it to read: 

Enabled=false

The will reset your display and you can then reboot successfully into your default display (to try different settings from the menu again, if you wish).

Uninstall Google Earth

To uninstall run the uninstall shell script located in the /home/user/google-earth folder (or whichever folder you installed google-earth into).

GPS

Tux Mobil has a list of Linux applications for use with GPS devices, and compatible hardware. Two GPS packages are available from the Ubuntu/Kubuntu respositories:

  • Viking is a free open source package to view GPS data in maps, and to plot co-ordinates. This has been reviewed as the best Linux GPS mapping program. 
sudo apt-get install viking
  • GPS Drive is a free navigation software package that displays your position on a zoomable map using your GPS device. It is GTK-based but can be used in Kubuntu. It uses the gpsd daemon that interfaces with a variety of GPS hardware. A .deb package of the current version is also available from the website. Install: 
 sudo apt-get install gpsdrive
  • tangoGPS is a beautiful, lightweight GPS mapping program that uses map data from the Openstreetmap project. Is is a GPL-licensed open source project. A .deb package can be found here.

Celestial (Star) Maps

Celestia

Celestia is a free planetarium and space simulator for the desktop. Install: 

sudo apt-get install celestia

Stellarium

Stellarium is an astounding planetarium for the desktop. Install: 

sudo apt-get install stellarium

Science, Technology, and Engineering Applications

What .. you thought (K)Ubuntu was just for play? Also see Ubuntu Science.

Health applications

OpenEMR (Electronic Health Record)

OpenEMR is a mature, robust, outpatient-setting electronic medical record system that is certified in the US.

  • Make sure the LAMP (Linux, Apache, MySQL, PHP5) stack is installed first: 
sudo tasksel install lamp-server

VistA (Enterprise Electronic Health Record)

OpenVistA and WorldVistA are two varieties of the largest and most robust CCHIT-approved electronic health record platform in the public domain. They are GPL licensed, are based on the US Veterans Administration health record system, and can be installed as an integrated database, server, and client system. See the detailed download and installation instructions for OpenVistA and WorldVistA, or visit Vistapedia for other instructions. Also see the Ultimate Server with OpenVistA EHR.

CAD

  • QCAD is a commercial CAD alternative to AutoCAD with a community open source edition. Install: 
sudo apt-get install qcad
  • VariCAD is a commercial 3D CAD package for multiple platforms (including Linux). There is no open source or community version.

Mathematical solutions

Scilab, Octave, and Freemat are three open source solutions for solving complex numerical mathematical problems. Symbolic mathematical problems can be solved with Maxima and Mathomatic. All of these programs are included in the Ubuntu Universe repositories.

Octave

Gnu Octave is a free, open source (GPL licensed) platform for solving linear and non-linear equations, similar to (and mostly compatible with) Matlab. It interfaces well with Gnuplot. For troubleshooting tips, see this thread. Install: 

sudo apt-get install octave3.0

Also recommended: 

sudo apt-get install libatlas3gf-base gnuplot qtoctave

Note: QTOctave is a GUI for Gnuplot or Easyplot 1.1, and and the ATLAS library is an algebra-software-optimization set of utilities.

EasyPlot 1.1 is an alternative to GnuPlot, with a version that can be used with QTOctave. It must be installed from source.

An older GUI for Octave/Gnuplot is qgfe (available as the package qgfe).

Freemat

Freemat is a free, open source (GPL licensed) platform for solving linear and non-linear equations, similar to (and mostly compatible with) Matlab. Install from Add/Remove Programs (Edutainment) or 

sudo apt-get install freemat

Maxima

Maxima is a free, open source (GPL licensed) computer algebra system (CAS) for doing symbolic mathematics. It can solve equations with many variables, simplify expressions, do calculus, and many other advanced operations. To install: 

sudo apt-get install wxmaxima

To run, enter: 

maxima

or select wxMaxima from the Applications/Science menu. wxMaxima is the standard Maxima GUI.

Mathomatic

Mathomatic is a free, open source (LGPL licensed) command-line computer algebra system for doing calculations and symbolic mathematics. It can automatically solve and simplify algebraic equations, do some calculus, and other simple but useful operations. To install: 

sudo apt-get install mathomatic mathomatic-primes

To run, enter: 

mathomatic

or select it from the Applications/Science menu.

Amateur Radio applications

Fldigi is a free, open-source (GPL) application for digital-mode amateur radio communications using a sound card. Enable "Community Maintained Software (universe)" in Software Sources; then install either from Add/Remove Programs under (Amateur Radio) or by typing 

sudo apt-get install fldigi

Amateur Electronics

Arduino

Arduino is an open-source electronics prototyping platform based on flexible, easy-to-use hardware and software. It's intended for artists, designers, and hobbyists interested in creating interactive objects or environments. See this tutorial.

LaTeX

LaTeX is a LaTeX is a free high-quality typesetting system for the production of technical and scientific documentation.

LyX

LyX is a WYSIWYG frontend and GUI interface useful in creating documents formatted for LaTeX. Install: 

sudo apt-get install lyx

LaTeX Reference Managers

  • The standard LaTeX bibliography (BibTeX) tool can be manipulated with one of several tools:
  • nbibtex. Install: 
sudo apt-get install nbibtex
  • jabref. Install: 
sudo apt-get install jabref
  • biblatex. Install: 
sudo apt-get install biblatex
  • kbibtex (for KDE). Install: 
sudo apt-get install kbibtex
  • Zotero is a Firefox plugin that allows culling references (and reference content) from online references.

Miscellaneous software (not endorsed by this guide)

JBidwatcher

JBidwatcher is a Java-based application allowing you to monitor auctions, submit bids, snipe (bid at the last moment), and otherwise track your auction-site experience. See the website for more details.

Utilities

Utilities facilitate everyday tasks, such as keeping the clock up to date, archiving utilities, and more.

Archiving Utilities

ZIP

The command-line terminal utility ZIP creates files that are compatible with the time-honored PKZIP and WinZip. It is included in (K)Ubuntu by default. Extracting zip files can be done with the unzip utility. using the -P option allows using a password for the files: 

zip -r -P mypassword desination.zip *

Note: The -r option indicates to include all subdirectories recursively.

FileRoller (Archiving GUI)

FileRoller is a GUI for many types of archival utilities.

X-archiver (Archiving GUI)

Xarchiver is a GTK-based GUI front-end for many archiving utilities. Install: 

sudo apt-get install xarchiver

BChunk

BChunk is a command-line utility that allows you to convert .cue and .bin files into an .iso file (so that they can be opened and manipulated in Ubuntu). Warning: If the bin/cue image has audio tracks, they will be lost.

Get BChunk 

sudo apt-get install bchunk

To convert .cue and .bin files, navigate to the folder and run this command (replacing filenames with your own): 

bchunk inputfilename.bin inputfilename.cue outputfilename.iso

After the file is converted into ISO you can mount it using: 

sudo mount -o loop outputfilename.iso /media/output

Navigate to /media/output and you should see all the content there. You can then copy it anywhere.

To unmount: 

sudo umount /media/output

HJSplit Files Joiner/Splitter

HJSplit for Linux (Java version).

  • Make sure you have Java Runtime Environment installed: 
sudo apt-get install sun-java6-jre
  • Download the HJSplit JAR file: 
wget http://www.freebyte.com/download/hjsplit/hjsplit_g.jar
  • Create the directory for HJSplit: 
sudo mkdir /opt/hjsplit
  • Move the file to an appropriate directory: 
sudo mv hjsplit_g.jar /opt/hjsplit/
  • Run: 
cd /opt/hjsplit/ && java -jar hjsplit_g.jar
Note: You could also make a terminal shortcut (menu item) in K Menu Editor.

Rar

Rar archives files into the proprietary .rar format. 

sudo apt-get install rar

This application is a 40-day trial.

Unrar

Unrar extracts files archived with the proprietary .rar format. A free version can be installed: 

sudo apt-get install unrar-free

or the proprietary version (also free for noncommercial use) can be installed with the ubuntu-restricted-extras package or with: 

sudo apt-get install unrar

7-Zip

The open-source 7-Zip archive format was originally designed for Windows (and DOS) but is also available for Ubuntu. The GNU/Linux version of 7-Zip does not come with a GUI, but Ark can hook into 7-Zip to handle 7z archives. Install: 

sudo apt-get install p7zip-full

To allow the 7-Zip extension for Ark to extract .rar files, also install: 

sudo apt-get install p7zip-rar

Hard Drive Utilities

KDiskFree (Hard drive properties monitor)

KDiskFree is a KDE utility for monitoring free disk space, etc. 

sudo apt-get install kdf

Clock Utilties

Screensavers

A screensaver is useful as a security precaution as well as a power and screen element saver. Using even a simple "Blank Screen" screensaver with a password can slow a potentially malicious passerby from gaining access to your keyboard and computer while you are away from your desk.

Menu -> System -> Preferences -> Screen Saver
  • Set a security password:
Screen Saver -> Lock screen when screensaver is active (ticked)

Partition Managers

Also see these tips for partitioning scheme suggestions, other partitioning tools and methods, and usage of multiple partitions for multiple OSs.

GParted Partition Manager

Gparted is a GTK (Gnome)-based partition manager that can also be used with KDE.

  • This utility works best when run from a LiveCD. Recent versions of the Ubuntu LiveCD have a copy of GParted on them. Start the Ubuntu LiveCD in demo mode (not in install mode) and then start GParted:
Menu -> System -> Administration -> GParted
  • You can also install the package into your OS (once it is installed on your hard drive): 
sudo apt-get install gparted

System Backup and Recovery

Rsync

Rsync is the directory backup and transfer tool for Linux. It is installed by default in Ubuntu. It can provide any type of backup, and options are extensive. Several GUI frontends for Rsync are listed here.

GRsync

GRsync is a GTK-based GUI front-end for Rsync. Install: 

sudo apt-get install grsync

Bacula

Bacula is the most widely-used GTK-based open source (GPL-licensed) network backup utility that is used in both server and desktop installations. A catalogue of backups can be maintained using MySQL, PostgreSQL, or SQLite. For more info see the Ubuntu documentation. Both text-based and GUI frontends are available. Install the MySQL version: 

sudo apt-get install bacula

SBackup

SBackup is a simple backup and restore utility for the GTK-desktop. Install: 

sudo apt-get install sbackup

Keep (Backup and Recovery)

Keep is a QT/KDE based backup utility used in previous versions of Ubuntu. It is no longer maintained and is not included in Ubuntu by default. Install: 

sudo apt-get install keep

Run:

  • Menu -> Applications -> System Tools -> Keep (Backup System)
  • Backup:
Click "Add a Directory to Backup"
Select directories you wish to backup
Select a location to place the backup
Set how often you wish the backups to take place, and how long to keep them
Click "Backup Now"
Select the directory groups you wish to backup.
  • Recover:
Click "Restore a Backup"
Select the directory groups you wish to restore.

Partimage (Partition backup)

Partimage is a free open-source utility to back up an entire partition into an .iso image. It can be used across a network, as well. Install and run: 

sudo apt-get install partimage
sudo partimage

Partimage cannot be used from within the partition you wish to backup. You will either have to run it from a different partition or from a LiveCD that contains it. (A serious limitation of Partimage is its inability to backup/restore split image files to/from multiple media (e.g. spanned DVDs/CDs), limiting its usefulness as an inexpensive cloning and distribution solution. Partition image backup/restoration must be to/from a single hard drive, large capacity USB stick, or networked storage space.)

cp

An entire partition's filesystem can easily be copied to another partition using the cp -a command. (However, this cannot be done for the partition of a filesystem that is running. Use the (K)Ubuntu LiveCD to copy partitions when necessary.) Obviously the destination partition should be as large or larger than the source partition, and while not necessary, probably is best if both partitions are of the same filesystem type (e.g. ext4). Use GParted to create or manipulate the destination partition, if necessary. To copy the entire filesystem, for example, from the ext4 partition /dev/sda6 into the ext4 partition at /dev/sda7, mount both partitions: 

sudo mkdir /media/partsda6
sudo mkdir /media/partsda7
sudo mount /dev/sda6 -t ext4 /media/partsda6
sudo mount /dev/sda7 -t ext4 /media/partsda7

Then merely copy the contents from one partition to the other: 

sudo cp -a /media/partsda6/* /media/partsda7
  • Of course, once the partition's filesystem is copied, a bootmanager (Grub2 or Grub Legacy) will have to be updated/reconfigured to recognize the new partition's OS in order to enable it to boot. Also, the /etc/fstab file of the new partition's filesystem may need to be edited (in regards to the UUIDs of the various partitions), to prevent conflicts. To determine the UUIDs of all current partitions on a hard drive: 
sudo blkid

Edit fstab so that the UUIDs are correctly reflected there.

  • To confirm that the file copy has completed, the Linux command du (also see these tips) can be used to calculate the disk usage for both the source and destination folders in order to compare the values (to ensure that they are the same). For example, the values should be the same for both partitions after copying has completed: 
sudo du /media/partsda6
sudo du /media/partsda7

dd

dd is a *nix command that enables the copying of files or an entire disk using a single command. Parameters must be precisely specified to avoid risk of accidentally erasing data. See these brief instructions or these instructions for detailed options. You cannot copy a hard drive that contains the operating system you are currently running. Instead, boot into a LiveCD and run the dd command that way. An example command to copy Hard drive X to Hard drive Y is: 

dd if=/dev/hdx of=/dev/hdy
  • ddrescue is a variation of the dd command that allows working with potentially corrupted datasets, partitions, or hard drives.

FSArchiver (Filesystem Archiver)

FSArchiver is a utility to backup the filesystem by files (instead of by partition blocks). A filesystem backed up in this way can be moved to a different sized partition or another disk filesystem altogether (e.g. from ext3 to ext4). Backups can be split and stored on (and restored from) spanned media (e.g. multiple DVDs/CDs). It is included in the System Rescue CD. Install: 

sudo apt-get install fsarchiver

System Rescue and Cloning Utilities

System Rescue CD

SystemRescueCD is a LiveCD that includes important utilities such as GParted, Partimage, ddrescue, Rsync, and FSArchiver. Several of these utilities cannot be used from within a running partition, so using them from a LiveCD is often necessary. Download and burn the LiveCD from the website.

Clonezilla

Clonezilla allows the backup or duplication of a partition for a single machine or for multiple machines over a network. (It is similar to Norton Ghost.) It includes Partimage, partclone, and other utilities. It is available as a LiveCD which can then be burned. (A serious limitation of Clonezilla is its inability to backup/restore split image files to/from multiple media (e.g. spanned DVDs/CDs), limiting its usefulness as an inexpensive cloning and distribution solution. Partition image backup/restoration must be to/from a single hard drive, large capacity USB stick, or networked storage space.)

Disk Imaging software

  • G4U is a utility to image a disk bit by bit.
  • G4L is a utility to image a disk bit by bit. It includes a GUI interface.

Ubuntu Customization Kit 

sudo apt-get install uck

Remastering software

Debian and (K)Ubuntu Linux operating systems can be "remastered" and customized (using one of a number of utilities) for re-distribution. (See this Wikipedia list.) This enables an organization to pre-load desired applications and customizations for distribution among its members, while preserving the intrinsic architecture and function of (K)Ubuntu. The customized (K)Ubuntu OS can then be distributed on a CD or on a USB flashdrive. Users are then free to further customize the OS, or even to revert back to the original default (K)Ubuntu settings. Also see the Ubuntu wiki.

  • oem-config-gtk 
sudo apt-get install oem-config-gtk

Run (K)Ubuntu LiveCD from a USB pendrive

The (K)Ubuntu LiveCD can be installed on and run from a USB pendrive. Settings can be "persistently" saved (but the LiveCD kernel modules can not be upgraded). Programs can be installed and run, however, and files saved to the USB drive. (The installed programs will remain installed). A (K)Ubuntu Live CD is needed to do the installation. For additional info, see the Ubuntu Community documentation or the Pendrivelinux instructions.

The USB "LiveCD" can be used to install (K)Ubuntu on computers (including netbooks) that do not have CD-ROM/DVD drives.

USB pendrives to be used to run Ubuntu should have a minimum of 2 Gb (preferably 4 Gb). If you wish to install a fast, fully functional Linux system on a pendrive that has less memory than that, use PuppyLinux or Lubuntu.

USB Creator

You can make a "LiveCD" on a USB pendrive using USB Creator and either a LiveCD or an .iso version of the LiveCD stored on your hard drive. USB Creator is installed by default in Ubuntu. If not, install: 

sudo apt-get install usb-creator-gtk
  • Run:
Menu -> System -> Startup Disk Creator

Create a boot CD to allow booting from the USB drive

Many computers do not allow booting from a USB drive (but they do allow booting from the CD-ROM). You can create a CD-ROM using these Pendrivelinux instructions and set your BIOS to boot from this CD-ROM. When you boot from this CD-ROM, it will use the bootup files on the Ubuntu USB drive you previously created (in the step above).

User Administration

Users and Groups

Menu -> System -> Administration -> Users and Groups
  • Add New Users
Menu -> System -> Administration -> Users and Groups -> Add
  • Remove Users
Menu -> System -> Administration -> Users and Groups -> user -> Delete
  • Modify Users
Menu -> System -> Administration -> Users and Groups -> user -> Advanced Settings
or
Menu -> System -> Administration -> Users and Groups -> user -> Manage Groups

It is quite often necessary to have extra privileges to do certain tasks. These privileges are assigned to your user by belonging to certain groups. The tasks are allowed to be performed by any user belonging to the group associated with that task.

Example: a "sudoer" is a user who can perform certain administrative tasks, such as updating the system. To become a "sudoer" a user must belong to the "sudo" group.
Menu -> System -> Administration -> Users and Groups -> user -> Manage Groups --> sudo -> Properties -> Group Members -> user (ticked)

To become an administrator, you must belong to the adm, admin, and sudo groups. To be a virtualbox user, you must belong to the virtualbox group. To change printer settings you must belong to lpadmin. To use the cdrom, you must belong to cdrom. To use hot-pluggable devices, you must belong to plugdev. To share Samba folders (on a Windows-based network), you must belong to sambashare. To access NTFS files using the virtual filesystem fuse, you must belong to the fuse group. To use many games, you must belong to the games group. The list is long, and not always obvious.

Unfortunately, while this is the feature that gives Linux such a high-level of security, it can also take diligence to remember to add your user to certain groups. It is not uncommon for programs and functions on your system not to work merely because you don't have privileges to do so because you forgot to add your user to the appropriate group(s).

Of most importance, you must already be an administrator in order to change membership in groups. Therefore, if you create a new user and intend to give that user administrative privileges (by assigning the user to the administrative groups), you must do so from your original administrator account (the one you set up at installation) or from another administrative user account.

Timekpr (Parental controls)

Timekpr is a program to track and control the computer usage of user accounts.

  • If updating, remove any prior versions: 
sudo dpkg --purge timekpr

sudo add-apt-repository ppa:nedberg
  • Install: 
sudo apt-get install timekpr
When prompted which default display manager to use, select "gdm"
  • Start:
Menu -> System -> Administration -> Timekpr Control Panel

Web content filtering

DansGuardian provides web filtering capability, similar to NetNanny. It is useful for limiting objectionable content in publicly accessible workstations, or for filtering objectionable content for younger users. It integrates with ClamAV, and uses several criteria for filtering websites (which is difficult to modify). It is used with Tinyproxy (best for individual users) or the Squid proxy (best for a network server). Install: 

sudo apt-get install dansguardian tinyproxy
or 
sudo apt-get install dansguardian squid

See these installation instructions for setup details. In brief,

  • Edit the dansguardian configuration file: 
sudo nano /etc/dansguardian/dansguardian.conf
comment out the UNCONFIGURED line: 
#UNCONFIGURED
If using tinyproxy instead of Squid, change the proxyport to 8888: 
proxyport 8888
  • Reinstall dansguardian: 
sudo apt-get install --reinstall dansguardian
  • Set your browser to use the localhost:8080 proxy. For example, in Firefox:
  • Firefox -> Edit -> Preferences -> Advanced -> Network -> Settings
  • Manual proxy configuration -> HTTP proxy: localhost -> Port: 8080

System Administration

Automating Tasks

  • Cron is a system daemon that runs tasks in the background according to instructions found in a crontab file. To edit the crontab file for the current user: 
crontab -e

Tasks that normally require administrative (sudo) privileges should be added to the root user's crontab: 

sudo crontab -e

Add commands using the format specified here (or see the Ubuntu Community Help). The crontab command format can also be found using: 

man crontab
  • Scheduled/automated tasks (cron events) can also be edited using the GNOME schedule GUI interface.
Menu -> System -> Administration -> Task Scheduler
  • If the GNOME Schedule task scheduler is not installed, install it: 
sudo apt-get install gnome-schedule

Boot Menu

Login Menu settings

You can change the Login menu settings from the GUI interface:

Menu -> System -> Administration -> Login Manager

You can choose an integrated theme or select individual components of the login screen/process.

Automating bootup options

StartupManager is a GUI to manage settings for Grub (Grub Legacy), Grub 2, Usplash, and Splashy.

GRUB boot manager settings

Grub2

Oneiric comes with Grub2, a difficult boot manager to customize. (Grub2 is also known as grub-pc.) See the evolving instructions at the Ubuntu wiki or Ubuntu forums. In brief, some settings can be edited: 

sudo nano /etc/default/grub
sudo grub-mkconfig --output=/boot/grub/grub.cfg

Alternatively, use the command: 

sudo update-grub
Grub2 background image, colors, fonts
  • See this Ubuntu Forums thread.
  • Any background image can be used for Grub2 by placing the image in the /boot/grub folder and then reconfiguring Grub2: 
sudo update-grub

The image ought to be the same size as the Grub2 startup resolution specified in /etc/default/grub (e.g. 1024x768).

  • A selection of splashimages can be installed into the /usr/share/images/grub folder: 
sudo apt-get install grub2-splashimages
  • One of the images can be linked to the /boot/grub folder and used as the splash image. For example: 
sudo ln -s /usr/share/images/grub/Plasma-lamp.tga /boot/grub
sudo update-grub
Protecting Grub2 from cracking
  • To add password protection, in the /etc/grub.d/40_custom configuration file, add the lines: 
set superusers="user1"
#password_pbkdf2 user1 grub.pbkdf2.sha512.10000.biglongstring
password user1 insecurecleartextpassword

and change your password to something other than insecurecleartextpassword, or use the pbkdf2-encrypted method described here. You can then password-lock menu items as well. For detailed info see this blog.

GRUB Legacy

The older version of GRUB ("Grub Legacy") is available, for use with a boot partition, for example. Install: 

sudo apt-get install grub
  • If you have multiple operating systems (OS) on your computer, you may be using the GRUB Legacy boot manager (in a boot partition, for example). You can edit the options for GRUB Legacy in the menu.lst configuration file. (See this detailed info.) 
sudo nano /boot/grub/menu.lst
(gedit can also be used instead of nano as the text editor.)
Chainloading Grub2 from Grub Legacy
  • Grub2 is erratic. I no longer chainload it. Instead, it is possible to bypass Grub2 entirely and load an OS directly using Grub Legacy (stored in a boot partition, for example) using an entry in menu.lst of the format: 
title Kubuntu Oneiric OS (chainloader)
rootnoverify (hd0,6)
kernel /vmlinuz root=/dev/sda7 ro
initrd /initrd.img
  • My old method for chainloading Grub2 (installed in this example in the /dev/sda7 partition) from Grub Legacy used an entry in the Grub Legacy configuration file (/boot/grub/menu.lst, stored in the standalone boot partition with the Grub Legacy files) with this format: 
title (K)Ubuntu Oneiric OS (chainloader)
rootnoverify (hd0,6)
kernel /boot/grub/core.img
Protecting Grub Legacy from cracking
  • To add password protection, in the /boot/grub/menu.lst configuration file, uncomment (remove the hashmark) from the line: 
#password topsecret

and change your password to something other than topsecret, or use the md5-encrypted method described here. You can then password-lock menu items by adding the descriptor lock below the title of any item menu.

Default Applications

In previous version of ubuntu, you could choose which program to use as your default program for a specific task.

Menu -> System -> Administration -> Default Applications

or by right-clicking on any file and choosing the "Open with Other Application..." option.

The Default Applications menu has now been removed from Ubuntu, however. For a GUI that will allow this and multiple similar Ubuntu system tweaks, install Ubuntu Tweak: 

wget http://launchpad.net/ubuntu-tweak/0.5.x/0.5.8/+download/ubuntu-tweak_0.5.8-1_all.deb
sudo dpkg -i ubuntu-tweak_0.5.8-1_all.deb

Kill a process

Sometimes a program (or "process") just freezes. To "kill" (or end) the program/process:

Menu -> System -> Administration -> System Monitor -> highlight the errant process -> Kill process

From the command line: 

sudo killall process
where process is the name of the frozen program, such as firefox.

Enabling NUM LOCK On Startup

Menu -> System -> Administration -> Keyboard & Mouse -> Keyboard ->"turn on Numlock on Startup"

Working with Menus

Create an encrypted folder

You can create a folder whose contents are encrypted. See these instructions.

Create a symlink from a file to another location

A symbolic link (also known as a symlink) is a method in Linux of referring to a file (or directory) in one location from another location. Usage: 

ln -s /path/to/source /path/to/destination

If /path/to/destination requires superuser rights, then use: 

sudo ln -s /path/to/source /path/to/destination

This is similar to, but more powerful than, creating Shortcuts, with which former Windows users may be familiar.

Assign a root password

To be able to log in as root directly, you must assign a root password. This can be done with: 

sudo passwd root

Afterwards, you can use 

su

to get a root prompt. You would then use the root password.

Get a root prompt without using a root password

If you have not set a root password (or don't know it), you can obtain root user privileges anyway. From the command-line Terminal: 

sudo -s
or 
sudo su
or 
sudo bash

You will use your own user password instead of a root password.

You could also get a prompt to become any other user on the computer by typing: 

sudo su <username>

Use the File Manager as root 

sudo nautilus
or 
gksudo nautilus

Manually Mount and Unmount a device

To manually mount a device: 

mount /dev/hda

replace /dev/hda with the location of the device.

To manually unmount a device: 

umount /dev/hda

replace /dev/hda with the location of the device.

Windows Compatibility

Mounting NTFS Partitions (with read/write privileges)

Find out the name of your ntfs partition: 

sudo fdisk -l

Method 1: In this example, the NTFS drive is listed by fdisk as /dev/sda2, but yours may differ.

Make a mount point for the drive: 

sudo mkdir /media/WindowsNTFS

Edit fstab: 

sudo nano /etc/fstab

Comment out the automatically added lines by Ubuntu installation: 

#/dev/sda2  auto nouser,atime,noauto,rw,nodev,noexec,nosuid 0 0
#/dev/sda2 /mnt auto user,atime,noauto,rw,nodev,noexec,nosuid 0 0

and instead add the line: 

/dev/sda2 /media/WindowsNTFS ntfs-3g quiet,defaults,rw 0 0

Note: There are many ways to mount the drive, depending on your needs. The fstab file controls this process. See How to edit and understand fstab and Intro to using fstab.

In this example, I indicated that the file system was an ntfs-3g filesystem, so did not use the auto option (which detects the filesystem automatically). I used rw to specify read/write privileges for all users, but umask=0 and umask=000 are accepted by some kernels.


Method 2: Edit fstab: 

sudo nano /etc/fstab

When Ubuntu installation finishes, it mounts all ntfs partitions automatically with ntfsprogs, adding a line similar to the following to fstab: 

UUID=8466268666267956 /media/sda1     ntfs    defaults,gid=46 0       1

Change this line to: 

UUID=8466268666267956 /media/sda1     ntfs-3g    defaults,nls=utf8,locale=zh_CN.UTF-8,rw,gid=46 0       1

In this example, I have a Chinese-language Windows installation on my first partition, so I set the locale parameter (locale=zh_CN.UTF-8) so that my Chinese documents can display correctly. Setting rw (same as umask=0 or umask=000) lets me read/write the partition without sudo. gid=46 specifies that the drive will belong to the group of hot-pluggable devices (plugdev) and is not necessary unless your ntfs drive is a hot-pluggable one (such as an external USB drive). nls=utf8 is the default and is optional for most ntfs users, but there are other options for Chinese (and other specialized character-set users).

Mounting FAT32 Partitions

Follow the above instructions, but use vfat instead of ntfs-3g.

In other words, if you have made a mount point directory /mnt/WindowsFAT32 and your FAT32 drive is /dev/sda3, then edit the /etc/fstab file to include the line: 

/dev/sda3 /mnt/WindowsFAT32 vfat quiet,defaults,rw 0 0

Synchronize clock to network time server

The Network Time Protocol (NTP) allows time synchronization of your computer to time servers on the Internet.To enable it:

  • Applications menu -> System Settings -> Date & Time
  • Check the "Set date and time automatically" option
  • Choose an ntp time server near you.

Hardware

CPU and motherboard

The Linux kernel in versions of (K)Ubuntu starting with Karmic Koala implemented mandatory CPU temperature and fan speed sensor monitoring (which was optional in previous kernels). The output from the sensors is used to effect CPU scaling (throttling) in the event of "out of range" temperature values. However, not all motherboards/CPUs have sensor drivers available, and due to a bug in the feedback routine, missing sensors drivers incorrectly report as an "out of range" error in the kernel. Originally this threw multiple errors which were logged (using rsyslogd) to both the /var/log/kern.log and the /var/log/syslog files, filling them to multiple Gb size within a few hours. This had the effect of slowing, then freezing, the machine. Currently, the machine will simply not boot.

If your machine is affected by this problem, you may be restricted to versions of (K)Ubuntu that are Jaunty or earlier (or you must undertake extensive workarounds).

Disable CPU Frequency scaling

(Note: These instructions may not work with newer Linux kernels.) My motherboard does not have drivers for my CPU fan sensor. Therefore, the Linux kernel cannot monitor the temperature and fan speeds properly and throttles the CPU (aka frequency scaling) inappropriately. This has the effect of slowing or freezing my computer. To turn off this behavior, I used the Debian RCConf utility: 

sudo apt-get install rcconf
sudo rcconf

and unchecked the ONDEMAND item. (I also unchecked the fan control item). I then rebooted. For more info, see this.

libsensors

libsensors (libsensors3 and/or libsensors4) is a module that allows an interface (such as lm-sensors) to monitor your motherboard/CPU temp and fan speeds. You can adjust settings: 

sudo kate /etc/sensors.conf
sensors -s

libsensors and lm-sensors are not used by the Linux kernel (which uses other routines).

Some hardware CPU sensors are not recognized by the Linux kernel, causing system slowdown or freezing. Here is some info about hardware/sensors problems.

Sensors-applet (Motherboard monitoring)

Sensors-applet (or xsensors) is the Gnome (Ubuntu) frontend for lm-sensors. These sensors monitor the temperature and fan-speed sensors of your motherboard. 

sudo apt-get install sensors-applet lm-sensors
sudo sensors-detect
sensors-applet
  • Make sure your sensors are installed. 
sensors

For more info, see this thread.

Graphics Cards

Frequency Out of Range / Choose New Resolution

  • Edit the grub configuration file: 
sudo gedit /etc/default/grub
  • Edit the lines: 
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480
by removing the comment hashmark and choosing an appropriate resolution so that the lines resemble: 
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=1024x768
  • Re-build the grub configuration file: 
sudo update-grub

Install Latest Nvidia/ATI drivers

Ubuntu uses a GUI frontend to Jockey for the installation of the proprietary nVidia drivers (and other proprietary drivers).

Menu -> System -> Hardware Drivers
  • Sometimes after a kernel upgrade a proprietary driver may stop working. In such a case, try installing the new linux-headers that match the newly upgraded kernel: 
sudo apt-get install linux-headers-$(uname -r)
If dkms and build-essential have never been installed on your system, these can also be worthwhile: 
sudo apt-get install dkms build-essential

Intel integrated graphics cards

  • With the default installation of Maverick, my computer with integrated Intel graphics blanked the screen at bootup and then froze. These steps work around this problem.
  • When booting up, choose recovery mode as root (or "root with networking"). This will give the command line (as root user).
  • Edit the Grub2 configuration file: 
sudo nano /etc/default/grub
  • Change the line: 
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
to 
GRUB_CMDLINE_LINUX_DEFAULT="quiet i915.modeset=0"
  • Then regenerate the Grub2 configuration file: 
sudo grub-mkconfig --output=/boot/grub/grub.cfg
When I then rebooted, my graphics worked.
Intel graphics resolution problems
  • On a fresh installation of Karmic Koala I had no problems with my onboard Intel graphics card. However, on an update from Jaunty to Karmic, I could not get higher screen resolutions -- the same problem I had in Jaunty. A solution to achieve higher resolutions is to revert to the old Intel drivers (used in Intrepid), as detailed here.
Screen Keeps Flickering

If you have an Intel Corporation Mobile 915GM/GMS/910GML card, your screen may flicker every 5-10 seconds. To prevent this:

  • Menu -> System -> Administration -> Advanced -> Service Manager -> Uncheck "Detect RANDR (monitor) changes"

Reconfigure xserver-xorg 

sudo dpkg-reconfigure xserver-xorg

xorg.conf

Before installing any driver for ATI or nvidia, please make backup xorg.conf before following this method. 

sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.bak

If you have edited this file but would like it to be automatically updated again, run the following command: 

sudo dpkg-reconfigure -phigh xserver-xorg

If you want to try this xorg.conf after installing the driver, you must back up your xorg.conf as following. And then, edit /etc/X11/xorg.conf in text editor. Add or modify this xorg.conf sample.

xorg.conf for nvidia 
 Section "Screen"
 Identifier "Default Screen"
 Device "Configured Video Device"
 Monitor "Configured Monitor"
 SubSection "Display"
 Depth 16
 Modes "1280x1024" "1024x768"
 Option "AddARGBGLXVisuals" "True"
 EndSubSection

 Option "AddARGBGLXVisuals" "True"
 Defaultdepth 24
 EndSection
 Section "Module"
 Load "glx"
 Load "GLcore"
 Load "v4l"
 EndSection
 Section "Device"
 Identifier "Configured Video Device"
 Boardname "vesa"
 Busid "PCI:1:0:0"
 Driver "nvidia"
 Screen 0
 EndSection
 
 Section "Device"
 Identifier "Device0"
 BoardName "Generic Geforce 5500"
 Driver "nvidia"
 Vendorname "NVIDIA Corporation"
 Option "DualHead" "1"
 Option "ShadowFB" "1"
 Option "FPScale" "1"
 Option "TwinView" "True"
 Option "TwinViewOrientation" "RightOf"
 Option "UseEdidFreqs" "True"
 Option "Metamodes" "1024x768,1024x768"
 Option "UseDisplayDevice" "DFP"
 EndSection
 
 Section "Device"
 Identifier "Videocard0"
 Driver "nv"
 VendorName "NVIDIA Corporation"
 BoardName "GeForce 7600 GT"
 EndSection
 
 Section "InputDevice"
 Identifier "Generic Keyboard"
 Driver "kbd"
 Option "XkbRules" "xorg"
 Option "XkbModel" "pc105"
 Option "XkbLayout" "us"
 EndSection

 Section "InputDevice"
 Identifier "Configured Mouse"
 Driver "mouse"
 EndSection
 Section "ServerLayout"
 Identifier "Default Layout"
 screen 0 "Default Screen" 0 0
 EndSection
 
 Section "Extensions"
 Option "Composite" "Enable"
 EndSection

Installation of ATI and nVidia Graphics drivers

nVidia Driver

The current proprietary nVidia drivers are automatically installed using:

Menu -> System -> Administration -> Hardware Drivers

Look for the current drivers to activate there.

  • Here are alternate manual instructions.
  • Please make a backup of xorg.conf before following this method. 
sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.bak
  • Install the nvidia-settings package: 
 sudo apt-get install nvidia-settings
  • Download the nVidia driver: 
wget -O NVIDIA-Linux-x86-pkg1.run http://www.nvidia.com/Download/index.aspx?lang=en-us
sudo sh NVIDIA-Linux-x86-pkg1.run

and choose yes to any verbose response. After you install the driver, reboot your computer.

ATI Driver

If you have problems with ATI drivers after upgrading, check this link for solutions to common problems with ATI.

Monitors / Displays

Turn off power saving

Even when on AC power, the power saver feature of Ubuntu sometimes changes the screen brightness to the battery setting on laptops. This was a problem with the ACPI power management module in the past, but should now be fixed. If not, change the settings:

To access the Guidance Power Manager module, click on the power icon on the desktop taskbar.
Change the brightness setting for "Battery powered" to maximum.

You can also turn off power management settings (invoked when the computer is idle):

Menu -> System -> Preferences -> Power Management -> Display -> Put display to sleep when inactive for: Never -> Close

Configure Dual Monitors with nVidia

  • Make sure that the nVidia driver has been installed and is functioning properly on your first screen. Also, make sure both monitors are connected.
  • Menu -> Administration -> NVIDIA X Server Settings
or from the command-line terminal (Terminal or Konsole) type: 
sudo nvidia-settings
  • Select "X Server Display Configuration".
  • You should see 3 boxes (2 if your card doesn't have an S-Video out). From here you can configure all of your card's outputs.
  • Check the "(Disabled)" box.
  • Select "Configure...".
  • The most common choice is TwinView. Select it.
  • Setup the desired screen resolutions and positions of your two active displays.
  • The new display will likely have resolution set to "Auto" to match your first. Change this if you wish.
  • Leave the first screen's position as "Absolute" and set your second display's position relative to that.
  • "Clone" means the same output on both.
  • Once you are satisfied with your settings, hit Apply to test them.
  • Note: if your displays are side-by-side, the kicker may extend across both screens as well as any maximized applications. This will be corrected when the X server is restarted.
  • If everything else is ok, hit "Save to X Configuration File". Now hit Ctrl+Alt+Backspace to restart X. You now have 2 screens!
  • Troubleshooting: if the X server fails to reload you can recover your old X configuration. In a terminal: 
sudo cp /etc/X11/xorg.conf.backup /etc/X11/xorg.conf

Hard Drives and USB Storage

Optical Drives

Printers & Scanners

The new CUPS interface recognizes many printers. Specific printers not recognized can often be installed using instructions found at the Linux Foundation OpenPrinting database.

Add a Printer

Menu -> System -> Administration -> Printing -> Server -> New -> Printer

Most of the time, your printer (if connected and turned on) will be detected automatically.

My network printer with its own IP address at 192.168.0.124 was correctly installed at

socket://192.168.0.124:9100.

You can also choose printers on a Windows system via Samba and other types of networked printers, in addition to directly connected printers.

Use CUPS web interface

From any web browser, go to the URL:

http://localhost:631

Brother printers

Most Brother printers are auto-detected or can be installed directly from the CUPS interface. For additional drivers and instructions see the Brother help site. For information on a specific model, see the Linux OpenPrinting site.

HP Printers

For Hewlett Packard printers / scanners, install hplip and hplip-gui. 

sudo apt-get install hplip hplip-gui
  • Add the printer:
Menu -> Applications > System Tools > HP Toolbox

This should set up printer / scanners for scanning as well.

  • For scanning, install Xsane: 
sudo apt-get install sane xsane

Run:

Menu -> Applications -> Graphics > Xsane image scanning

A full library of Linux drivers for HP printers is here.

Sound

If you get no sound with a fresh install, check that the sound levels are not set to zero. Click on the sound (speaker) icon on the panel, and then mixer. You may need to expand the dialog window to show labels. Ensure levels aren't set to zero, especially PCM.

PulseAudio

Sound in (K)Ubuntu is routed by Phonon either directly to your sound card or through the PulseAudio sound system. To use PulseAudio, you must install it. This can be done by installing the PulseAudio control modules (which will install pulseaudio as a dependency):

  • Install PulseAudio with the control modules: 
sudo apt-get install pavucontrol paprefs
  • Although I no longer use it, in older versions of (K)Ubuntu I also (optionally) installed a system tray widget: 
sudo apt-get install padevchooser
padevchooser

Some experimentation with the settings in

Menu -> System -> System Settings -> Multimedia

may be necessary to make sound on your system work properly.

Try setting PulseAudio as the first sound system if you are having troubles getting sound (even if you are using ALSA). If that doesn't work, try making it the last choice.

Some programs require ALSA sound and try to send sound directly through ALSA drivers. Check your program's preferences section to see if ALSA is selected. You may have to switch to PulseAudio (or even OSSound) if you can't get sound.

HDMI with PulseAudio

I could only get my HDMI audio on my computer to work this way, and I can't quite figure out why it works.

  • I checked to make sure my Mobile Intel 4 Series HDMI audio driver was installed (it is part of the most recent kernels): 
aplay -l
aplay -L

This told me the HDMI card was recognized and configured properly. The problem was that no matter what I did, I couldn't get the sound piped through the HDMI card using ALSA, Kmix or any other settings (I tried every permutation).

  • In PAVUControl I selected the HDMI card as the output device:
Menu -> Multimedia -> PulseAudio Volume Control -> Configuration -> Internal Audio -> Digital Stereo (HDMI) Output

Then everything played through the HDMI audio card (through the cable to my HDTV).

This worked whether I had PulseAudio selected as the default audio or not (in System settings -> Multimedia). Don't ask me why.

  • My HDMI port/output is only recognized if the HDMI cable is plugged in at bootup (it does not matter whether the HDTV power is on or not). If I plug in the HDMI cable after bootup, it isn't recognized.
  • After doing this, every program I use works: VLC, Audacious, or whatever. It does not seem to matter whether the application is using Default, ALSA, or PulseAudio for the audio output plugin. None of this makes sense to me, but it works. I'm happy to be able to play HDMI movies (through VLC) to my HDTV.
  • To change sound output back to my computer's internal speakers (ALSA), I returned the output setting:
Menu -> Multimedia -> PulseAudio Volume Control -> Configuration -> Internal Audio -> Analog Stereo Output
Recording with PulseAudio

To set the PulseAudio inputs that will be recorded by an application (such as Audacity or FFMPEG), the recording must be already started! Only then can the inputs (to be recorded) be selectable in PulseAudio.

  • For example, to record from a plug in microphone using Audacity, make sure the microphone is plugged in. Make sure in the Sound Mixer (icon) that the microphone is not muted and that the levels are set appropriately.
  • In PulseAudio Volume Control, select the device that will be the input.
Menu -> Multimedia -> PulseAudio Volume Control -> Input Devices -> Show: All Input Devices
-> Internal Analog Audio Stereo: Port: Analog microphone

Of course, you should use the device you wish to use here. You can also select the Monitor of Internal Analog Audio Stereo device, which will use as an input to the recording/capture application whatever happens to be playing through the sound card (except for hardware inputs).

  • Start Audacity (or other recording application). Make sure (in Audacity) that the Devices toolbar is visible:
Menu -> Multimedia -> Audacity -> View -> Toolbars -> Device Toolbar (ticked)

Assuming you are using ALSA, make sure ALSA is selected, and that pulse is selected for both the output and microphone input on the Device Toolbar. Start recording.

  • Start PulseAudio Volume Control. Under the Recording tab, you should see Audacity listed as "ALSA plugin: [audacity]: ALSA Capture from: Internal Audio Analog Stereo. If it isn't, then select it. (This is the tricky part that took me a long time to discover.)

Airport Express

Airport Express with Pulse Audio

Audio output can be streamed over your local network to an Airport Express. These capabilities require pulseaudio-module-zeroconf (for the Zeroconf/Bonjour networking protocol) and pulseaudio-module-raop (for Airport Express).

  • Install PulseAudio: 
sudo apt-get install pulseaudio
Reboot to finish the installation.
  • Select PulseAudio as the output device in
Menu -> System -> System Settings -> Multimedia -> Device Preference
and move "Playback/recording through the PulseAudio sound server" to the top of every category (or at least the ones for which you wish to use PulseAudio).
  • Test some audio (e.g. playback through Amarok) to make sure the PulseAudio system is working. Some applications specifically require that the PulseAudio output is specified in their configuration settings, and some applications require a separate PulseAudio plugin to function properly.
  • Install additional modules in order to use Bonjour/Zeroconf and raop (Airport Express output): 
sudo apt-get install pulseaudio-module-zeroconf pulseaudio-module-raop
  • Install utilities to control the preferences and volume of various PulseAudio devices: 
sudo apt-get install paprefs pavucontrol
  • Enable discovery of the Airport Express by PulseAudio:
Menu -> Settings -> PulseAudio Preferences (Sound Audio preferences) -> Network Access

and check both:

Make discoverable network sound devices available locally
Make discoverable Apple Airtunes devices available locally
  • It is not clear to me which ports need to remain unblocked in order for Bonjour/Zeroconf and mDNS to discover the AEx. mDNS and Bonjour/Zeroconf use ports 5353, 5000, and 6000. (The PulseAudio server uses port 4713.) However, even when I unblock these the AEx doesn't seem to be able to be discovered until I turn off the firewall completely. (Once the AEx is discovered I turn the firewall back on and then have no other problems). I usually just add the IP address of the Airport Express on the LAN to the list of firewall-allowed connections. (Doing this still doesn't allow it to be discovered, though, for unclear reasons. Still, as long as a connection to the IP address of the AEx is allowed, I can turn the firewall back immediately after the AEx is located by the Zeroconf discovery and everything continues to stream fine.)
  • If your LAN's router allows traffic-shaping (QoS prioritization), giving priority to the traffic to/from the Airport Express can improve performance. Finally, be aware that screensavers can interrupt uninterrupted smooth audio output from a PC. If traffic to the AEx becomes choppy, disable your screensaver.
  • Open PulseAudio Volume Control:
Menu -> Multimedia -> PulseAudio Volume Control
  • If the AEx has been successfully discovered (the firewall may have to be turned off temporarily in order for the AEx to be discovered) the name of the AEx should show up as an Output Device:
PulseAudio Volume Control -> Output Device -> My AEx Name
If desired, the AEx can be set as the default "fallback" output device to always be used:
PulseAudio Volume Control -> Output Device -> My AEx Name -> click "Set as fallback" icon
If it is not set as the default fallback output device, it must be manually selected as an output device each time.
  • Start the application (such as Amarok or Audacious). To manually select which output device should be used, open PulseAudio Volume Control and choose the Playback output device for the application:
PulseAudio Volume Control -> Playback -> ALSA plugin [Amarok]: ALSA Playback on: -> My AEx Name
  • The output volume (for any of the output devices) can be set:
PulseAudio Volume Control -> Output Device -> My AEx Name
Troubleshooting

This was my old method. It works, but is probably unnecessary (and loads a lot of additional modules).

  • Install padvechooser (which also install paman, pavumeter, and paprefs): 
sudo apt-get install padevchooser
  • Padevchooser is an applet for the taskbar panel. The PulseAudio Manager is accessible through the applet. Start Manager:
Menu -> Multimedia -> PulseAudio Device Chooser -> Manager -> Devices -> Sinks
  • Select the Airport Express as the output device ("sink"):

My AEx is discovered, but I got no sound through it until I selected it as the default sink (output) by one of two methods:

  • From the PulseAudio Device Chooser:
Menu -> Multimedia -> PulseAudio Device Chooser -> Manager -> Devices -> Sinks
I then noted the name of my Airport Express device to be raop.Base-Station-e60157.local, so I entered that as the sink:
PulseAudio Device Chooser -> Default sink -> Other -> raop.Base-Station-e60157.local

raop-client (Airport Express streaming)

Another method to stream audio to the Airport Express uses raop-client, a tool written in Ruby. See information here.

GSTransmit (Airport Express streaming)

GSTransmit is a tool to allow GStreamer-based utilities to stream output to an Apple AirTunes Device (such as the Airport Express). It is available as a self-installing .deb file from the website.

Airfoil (Airport Express streaming)

You can stream media from a PC running Windows or Mac OS X connected to an Airport Express network to your (K)Ubuntu Linux desktop, using Airfoil. (Unfortunately you cannot send media output from (K)Ubuntu to the Airport Express network with Airfoil, only receive.) This can be useful in a distributed multimedia system, for example, in which your (K)Ubuntu PC is connected to a media center. You must be running Mono. You can download the .deb package at Rogue Amoeba. Installation instructions are at Rogue Amoeba Linux support.

Mice

Activate side-mouse-buttons in FireFox

Adding two lines to xorg.conf will activate side-mouse-buttons in FireFox.

  • This should work with most brands of the 5-button mouse. Here is a list of mice that worked with this instruction.
Logitech MX310
Logitech MX510
Logitech MX518
Logitech MX700
Logitech MX Revolution
Intellimouse Explorer (first edition)
Razer Copperhead
  • Backup X.org configuration file 
sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.bak
  • Modify the X.org configuration file 
kdesu kate /etc/X11/xorg.conf
  • Find the Input Device section for your mouse and add two lines as shown below.
  • You may also increase the number of buttons if your mouse has more than 7 -- just fix the rest of the section based upon the number of buttons.
Note: "back/forward", "wheel click" & "tilt left/right" all count as buttons
  • Change: 
Section "InputDevice"
 Identifier "Configured Mouse"
 Driver "mouse"
 Option "CorePointer"
 Option "Device" "/dev/input/mice"
 Option "Protocol" "ExplorerPS/2"
 Option "ZAxisMapping" "4 5" 
 Option "Emulate3Buttons"       "true"
EndSection
to: 
Section "InputDevice"
 Identifier "Configured Mouse"
 Driver "mouse"
 Option "CorePointer"
 Option "Device" "/dev/input/mice"
 Option "Protocol" "ExplorerPS/2"
 Option "ZAxisMapping" "4 5"
 Option "Emulate3Buttons" "true"
 Option "Buttons" "7"
 Option "ButtonMapping" "1 2 3 6 7"
EndSection

Touchpad

For Synaptics Touchpads: 

sudo apt-get install gsynaptics

For more info, see the Ubuntu help wiki.

Wacom Pen Tablets

Support for the Wacom pen tablet is integrated into Jaunty by default, including for hotplugging. For more info, see the Ubuntu documentation.

Fingerprint Readers

Remote Controls

LIRC (Infrared Remote Controls)

LIRC (Linux Infrared Control) allows you to use most infra-red remote controls. This can be installed from Menu -> Applications -> Ubuntu Software Center -> System -> lirc

or 
sudo apt-get install lirc

Remuco (Bluetooth and WiFi Remote Controls)

Remuco is a utility for controlling many multimedia players (such as VLC, Amarok, Rhythmbox, Audacious, and many others) using a Bluetooth or WiFi remote control. Each player has its own package. For example, the VLC package is named remuco-vlc and can be installed: 

sudo apt-get install remuco-vlc

Bluetooth

BlueZ is the package that allows Bluetooth connectivity in Ubuntu Linux. This package is included within the current kernel of Ubuntu. To add utilities to check whether your Bluetooth adapter's firmware is current, install: 

sudo apt-get install bluez-utils bluez-firmware

then run 

sudo dfutool

WiiMote

The Wiimote (Wii Remote Control) uses both Bluetooth and Infra-red technology. It communicates with Ubuntu Linux using the incorporated BlueZ Bluetooth drivers and/or LIRC drivers. (It can function with Bluetooth alone, however.) You will need a Bluetooth receiver on your PC (such as a Bluetooth USB stick or built-in Bluetooth receiver, for example). (Note: not all Bluetooth receivers will work with the Bluez drivers. Check this list or test yours first.)

  • Install the cwiid Wiimote controller package and the lswm Wiimote discovery package: 
sudo apt-get install wminput lswm
  • Install the drivers (or just reboot): 
modprobe uinput
Note: You can also add uinput to the modules files so it loads automatically at bootup: 
sudo echo "uinput" >>/etc/modules

Run (while pressing button 1/2 on the Wiimote): 

sudo wminput

For more info, and to learn how to enable the infra-red functions, see this guide.

USB

Wireless Cards

Atheros Cards

Atheros Wireless cards should work automatically with the new kernel by installing the proprietary driver. At installation, after the first reboot, you will be prompted whether to use the proprietary drivers.

It should no longer be necessary to install the following package: 

sudo apt-get install madwifi-tools

These instructions for the Atheros 802.11 b/g integrated card are here for reference only (or if you wish to install them manually instead): 

madwifi-hal-0.10.5.6-current.tar.gz
  • Extract the files
  • Make sure your linux headers and build-essential packages are installed: 
sudo apt-get install build-essential
sudo apt-get install linux-headers-$(uname -r)
  • Unload any drivers already running. 
sudo ifconfig ath0 down
sudo ifconfig wifi0 down
  • Change to the directory where you extracted the driver. 
cd <directory_where_driver_unzipped>
  • From that directory, run the installation scripts: 
cd scripts
sudo ./madwifi-unload
sudo ./find-madwifi-modules.sh $(uname -r)
cd ..
  • Complete the installation by compiling the source and installing it. 
sudo make
sudo make install
  • Add the installed drivers to your system. 
sudo modprobe ath_pci

Following this, Network Manager was able to see the wireless card and I was able to configure everything else (WEP / WPA key, etc.) from there.

Complete instructions are available at MadWifi UserDocs.

Atheros AR242x

Alternate instructions for installing the Atheros AR242x card are here.

3G

3G protocols allow wide area cellular communications that include not only cellphone voice transmission but also integrated broadband internet connections. This can be integrated into a single device, or communications can be received through an EVDO adapter. Examples of 3G radio interfaces include Mobile WiMax, CDMA-2000, TD-CDMA, EDGE, and DECT. For info using 3G with the Ubuntu Network Manager, see this page. For additional info on using 3G with Ubuntu, see this guide.

he220r1

he220r1 is a (K)ubuntu driver package for the Huawei e220 USB modem. It has also been found to work with other 3G devices, such as Nokia, Sony Ericsson, and Motorola. See the website for download and installation instructions.

T-Mobile Option 225 (Web'N'Walk) Stick

This website offers a driver optimised for the T-Mobile Web'n'Walk Stick/Option 225.

Virgin Huawei e169

See this Ubuntu forum solution: 

sudo gedit /etc/ppp/options

find the line that says: 

#-chap

and uncomment it (delete #) 

-chap

this (I think) disables CHAP authentication

I also had to change the APN to VirginBroadband instead of VirginInternet which was the default, and now it's happy. 

Other settings
Number *99#
Uname <your virgin username>
PW <your virgin password>

EVDO Cards

EVDO cards include USB modems and adapters to receive wide-area cellular broadband Internet connections.

Sprint

Sprint EVDO cards can be used most easily through KPPP. For instructions, read the Sprint Mobile Broadband Setup Guide. Also see the EVDO Forums.

Verizon

See this Crystal Networking guide.

Tethering your PC to your Verizon cell phone

This is a per-minute plan in which you can use Verizon broadband services through your cell phone (such as the Motorola RAZR) connected to your PC via a USB cable. See this guide.

Digital Cameras

WebCams

See the Ubuntu webcam guide for more info. Many webcams that worked in Hardy Heron may not work in Intrepid Ibex. This may be due to a migration from v4l (video for Linux) to v4l2. See this discussion.

EasyCam

EasyCam2 is a utility for finding and installing drivers for your webcam. See these installation instructions.

iSight

Linux drivers for the digital iSight camera (connected by FireWire), using ALSA for sound, are here. The video component is already supported by current kernels (see here for more information).

Luvcview (USB webcam viewer)

Luvcview can be used to view your USB webcam to test it. Install: 

sudo apt-get install luvcview

View your webcam: 

luvcview -f yuv

Netbooks

Ubuntu can be installed on netbooks. (See this this page for laptop and netbook compatibility reviews.) At this time the Ubuntu Netbook Remix (or equivalent) is preferred to the standard Gnome-based desktop, especially for new users. Ubuntu Netbook Remix is provided to several individual netbook manufacturers (such as Asus and Acer) to be optimised for that device. (You can contact your specific netbook manufacturer for specific details on this product.) If you already have Ubuntu Netbook Remix (or eeebuntu Netbook Remix) installed, you can choose to add the full Ubuntu (Gnome) desktop, if you wish: 

sudo apt-get install ubuntu-desktop
  • Asus eeePC 1000H
  • Reduce font size one or two sizes, and set the screen DPI to 120.
  • eeebuntu Netbook Remix is available for this device.
  • Dell Mini 9
  • Ubuntu Netbook Remix runs on this device well. See this guide.
  • HP Mini 1000 Mi
  • A custom edition of Ubuntu is installed on this version of this device. No additional configuration is necessary.
  • Samsung NC10
  • Some package should be installed for keyboard functions (FN Key+functions). The procedure to install these package is available in this forum.

Another method is to install Ubuntu onto your netbook from scratch using a USB flashdrive LiveCD.

Acer Aspire One

There are several Ubuntu-based and other Linux-based OS's specially customised for the Acer Aspire One. Some of them are:

Also see the Ubuntu website for detailed tweaks and fixes. More useful information can be found in the Ubuntu Linux sub-forum at aspireoneuser.com

Palm

Mobile Devices

Ubuntu Linux offers an operating system for Mobile Devices (such as the Samsung Q1 Ultra or Elektrobit MIMD) with a unique and simplified interface. For more information see the Ubuntu MID Edition site.

MP3 / Video Players

Sansa Fuze

The Sansa Fuze is a very high quality MP3 audio as well as video player. It is recognized by default as a USB device in Ubuntu/Kubuntu. To convert videos into a format that can be copied to the player, use Video4Fuze.

  • Download and install: 
wget http://video4fuze.googlecode.com/files/fuzemux-0.1_amd64.deb
wget http://video4fuze.googlecode.com/files/video4fuze-0.6_all.deb
sudo dpkg -i fuzemux-0.1_amd64.deb
sudo dpkg -i video4fuze-0.6_all.deb
Use fuzemux-0,1_i386 instead of fuzemux-0.1_amd64.deb if using a 32-bit OS.
  • Start video4fuze from the command line: 
video4fuze

or create a menu item with the Command: video4fuze.

  • Convert files (mpg or mp4) using Video4Fuze. Do not use the Sansa Fuze player as the output folder, but use an output folder on your computer. Once the files have been converted, then copy them directly to a Video folder on the Sansa Fuze (using Nautilus in Ubuntu or Dolphin in Kubuntu).
  • I like k9copy to extract something (that I have saved) on a DVD to an mp4 (.avi) first. The Sansa Fuze likes video at 224 x 176 and DivX 4/5, so I extract to those specifications:
Menu -> Multimedia -> k9copy -> Input: DVD -> Output: MPEG-4 encoding -> folder icon: /home/user/Videos
k9configure -> MPEG-4 -> Video -> Codec: MPEG-4 (DivX 4/5) -> Width: 224 -> Height: 176
-> Audio: mp3 (lame) -> Bitrate: 128

I then use video4fuze to convert the extracted mp4 (.avi) into the format that the Sansa Fuze likes.

  • Limitations: At this time Flash videos (.flv) cannot be converted directly by Video4Fuze. You must convert flash videos to another format (such as .mpg or mp4/.avi) prior to Video4Fuze conversion, using a converter such as mencoder or ffmpeg (e.g. with WinFF as the GUI).

MachSpeed Trio

The MachSpeed Trio works natively with (K)Ubuntu Linux. Files can be copied directly to the device from a File Manager (Dolphin or Nautilus).

  • Video formats include .mpg, .flv and .avi. However, the screen is 7.5 cm x 4 cm, which is a 1.875 ratio (widescreen). If your video has a 1.33 ratio (fullscreen), you must add left and right padding to make it look normal. If your video is 320 x 240, for example, you must add left and right padding of 64 each (making it 448 x 240, which is approximately a 1.875 ratio).
In addition, I found I had to convert some videos twice (using ffmpeg) to get it into a format the Trio would accept. For example, I have a 160x120 .avi video I recorded on my camera. (This requires 32 padding on each side instead of 64.) There was a 2 step conversion required to get it into a format the Trio liked: 
ffmpeg -i cameravideo.avi -target ntsc-dvd -s 160x120 tempvideo.avi
ffmpeg -i tempvideo.avi -padleft 32 -padright 32 triovideo.avi
The first step does whatever it takes to get the video into a NTSC-compatible format. However, it encodes into the ac3 audio codec, which the Trio doesn't like. The second step converts the audio from the ac3 format to the default mp2 audio format (which the Trio likes better) as well as adds the padding (which in reality can be done in either step). I have tried to simplify this into a single command but haven't figured out how to do it yet.
I then copy the converted file directly onto the Trio, where it plays.

Speech Recognition

For more info see the Ubuntu Wiki -- Speech recognition. Integrated voice recognition is an ongoing project; accumulated information is available at VoxForge.

  • Julius -- open source continuous speech recognition / grammar engine (Japanese only -- does not have an English acoustic module currently). Install: 
sudo apt-get install julius julius-voxforge
  • CMU Sphinx -- open source voice recognition software. Install: 
sudo apt-get install sphinx2-bin sphinxbase-utils pocketsphinx-utils

Apps using voice recognition (also see this list):

Networking

Only one network manager and GUI interface can be enabled. Network-Manager is installed by default, but many users prefer Wicd Network Manager.

Network Manager

Network Manager is the network manager installed by default in (K)Ubuntu. It has a tray applet that allows you to switch between Internet connections (such as wireless APs or wired connection).

Wicd Network Manager

Wicd Network Manager is a GTK-dependent networking manager written in Python that can be used in all variants of (K)Ubuntu. Many users (including me) report it to be faster and more stable than Network Manager. To avoid networking conflicts, Wicd requires the removal of Network Manager prior to installation (replace network-manager-kde with network-manager if using Ubuntu instead of Kubuntu). 

sudo apt-get remove network-manager-kde
sudo reboot
sudo apt-get install wicd

Set a static IP address

I have never been able to get Network Manager to accept my static IP address settings. If you only use only a wired interface, you do not need a network manager and it can be removed.

  • Remove Network Manager (replace network-manager-kde with network-manager if using Ubuntu instead of Kubuntu): 
sudo apt-get remove network-manager-kde
sudo reboot
  • Edit the /etc/network/interfaces file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/network/interfaces
  • and replace the line (ok if line is missing) 
iface eth0 inet dhcp
  • with the following lines (using your own LAN settings, of course): 
auto eth0
iface eth0 inet static
address 192.168.0.35
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
  • Then restart networking: 
sudo /etc/init.d/networking restart
  • Check to see if your settings are now correct: 
ifconfig
  • If you need a static IP address and have a wireless connection, Wicd Network Manager works:
  • Uninstall Network Manager and install Wicd instead (replace network-manager-kde with network-manager if using Ubuntu instead of Kubuntu): 
sudo apt-get remove network-manager-kde
sudo reboot
sudo apt-get install wicd

Manual configuration from the command-line

3 steps for WEP: 

sudo iwconfig eth[N] essid [SSID]
sudo iwconfig eth[N] key restricted s:[PASSWORD]
sudo dhclient

WPA is more complicated: 

sudo mkdir /etc/wpa_supplicant
cd /etc/wpa_supplicant
sudo echo network = { > wpa_supplicant.conf
sudo echo ssid="SSID" >> wpa_supplicant.conf
sudo echo key_mgmt=WPA-PSK >> wpa_supplicant.conf
sudo echo psk="PRESHAREDKEY" >> wpa_supplicant.conf
sudo echo } >> wpa_supplicant.conf
cd /etc/network
sudo gedit interfaces

Now add after "auto eth[N] ..." & "iface eth[N] .." : 

wpa-driver wext # or whatever driver your network card needs
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Save the file and restart your system.

Internet connection sharing (DHCP server)

In most LANs, an inexpensive router is used to provide DHCP functions (internet connection sharing).

However, DHCP services can also be provided by a single host computer on your LAN if it is directly connected to the Internet. (This is useful, for instance, if you have a 3G or other wireless EVDO connection to your computer which you want to share with the other computers on your LAN). Other client computers on your LAN would then connect to the Internet through your host computer's Internet connection. The host computer now essentially performs the DHCP functions of a router.

All "client" computers on the LAN ought to be connected to a central LAN switch or router. (If using a router, it should have its own DHCP functions disabled -- you shouldn't have 2 DHCP servers on a LAN unless you know how to nest LANs). They should all be set up to obtain DHCP-assigned dynamic IP addresses and use the same LAN subnet settings (which in the example below is LAN IP range 10.0.0.1 - 10.0.0.250 with netmask 255.255.255.0 and gateway 10.0.0.1). The host computer to be used as the gateway/DHCP server is then connected (through its own ethernet port) either to one to the ports of the switch (if used), or to a LAN port of a router (don't use the WAN port). The host computer then connects directly to the Internet (WAN) through a second port (which in the example below will be a wireless (wifi) port (wlan0)).

(Note: This setup is easiest if you connect all computers on the LAN with Ethernet cables to the central switch or router. But also see using a nested wireless LAN router below.)

(Note: If you want your LAN to use the same subnet as your WAN, see network interface bridging.)

  • Install the DHCP server and firewall programs: 
sudo apt-get install dhcp3-server firestarter
  • Rename the startup command (through a symbolic link) for the DHCP server. This is required or Firestarter will not know where to find it: 
sudo ln -sf /etc/init.d/dhcp3-server /etc/init.d/dhcpd
  • Edit the DHCP server configuration file: 
sudo nano -w /etc/default/dhcp3-server
Change the line 
INTERFACES=""
to 
INTERFACES="eth0"
  • Restart the DHCP server: 
sudo dhcpd restart
  • Right click on Network-Manager -> Edit Connections... -> Wired -> Add
-> Connection name: Shared internet connection
-> IPv4 Settings -> Method: Manual -> Add
-> Address: 10.0.0.1 -> Netmask: 255.255.255.0 -> Gateway: 0.0.0.0
-> Available to all users: [x]
  • Attach the ethernet cable to (eth0).
Network-Manager -> Wired Networks -> Shared internet connection
  • Adjust your firewall to allow the internet connection sharing. Start Firestarter: 
sudo firestarter
  • Tell the firewall which port is your direct Internet Connection:

Firestarter -> Preferences -> Firewall -> Network Settings -> Internet connected network device: (wlan0)

-> IP address is assigned by DHCP: [x]
  • Tell the firewall which port is for the LAN, and specify the details for the LAN:

Firestarter -> Preferences -> Firewall -> Network Settings -> Local network connected device: (eth0)

-> Enable internet connection sharing: [x]
-> Enable DHCP for the local network: [x]
-> DHCP server details -> Create new DHCP configuration -> Lowest IP address to assign: 10.0.0.2
-> Highest IP address to assign: 10.0.0.250 -> Name server: <dynamic>
Note: Use your own desired LAN settings (internal DHCP-assigned dynamic IP address range), of course. In this example I don't use the full IP range 10.0.0.2 - 10.0.0.255 for dynamic IP addresses because I want to reserve some LAN addresses (10.0.0.251 - 10.0.0.255) to be used as static IP addresses).
  • Notes:
  • If you wish to use this setup all the time, make the "Shared internet connection" profile your default connection profile in Network Manager.

Using a nested wireless LAN router

Many users will already have an established LAN that uses an existing wireless router and has client computers that are setup to connect wirelessly to the router. Here's how to maintain this setup and still use the internet connection sharing method of a single host computer as described above. This method is known as nested LANs. The wireless router will serve as a nested LAN for its wireless clients (only), but in turn will appear as a single device to the main LAN. The two LANs must have different IP ranges. For example, the main LAN may have an IP range 10.0.0.1 - 10.0.0.255 (with netmask 255.255.255.0), as in the above example. The router's nested wireless LAN must then use a different IP range (for example 192.168.0.1 - 192.168.0.255 with netmask 255.255.255.0).

  • Do not use your wireless router's WAN (Internet) port.
  • Connect the host computer (to be used as your main LAN gateway/router) to a LAN port (not the WAN/Internet port) of the wireless LAN router.
  • Configure your wireless router's LAN so that it appears to be a single device to the main LAN:
  • Setup your wireless router so that the Internet Connection type is "Static IP" (often in the "Internet Setup" section). Configure the settings so that its "Internet IP address" is within the static IP address range of your main LAN (e.g. 10.0.0.254), and make sure the subnet mask matches the one you chose for your main LAN (e.g. 255.255.255.0). The gateway setting should be set to match the IP address of your host computer of the main LAN (e.g. 10.0.0.1 in the example of the preceding section). Now the wireless router will appear to the host computer as just another device on the main LAN.
  • If your wireless LAN is already functioning, you probably don't have to change any settings, but double-check to make sure the schema are compatible. Configure the wireless router's settings for the nested wireless LAN. This is done by enabling the router's DHCP server functions (in "Network Setup" or some similar configuration section of the router). The router ought to have as its own wireless LAN gateway address a "local IP address" (or "LAN IP address") of 192.168.0.1 (for the IP address range used in this example), and a "starting IP address" (for the DHCP-assigned dynamic IP address range to be used for the wireless clients) to be 192.168.0.2 or greater. (Some routers ask you to specify the entire range (such as 192.168.0.2 - 192.168.0.255.)
  • Make sure all your wireless client computers are set to obtain their DHCP-assigned dynamic IP addresses from the wireless router (gateway IP 192.168.0.1) instead of from the main LAN gateway.
  • Now all communications from the wireless client computers will be routed to the wireless LAN router first, which will then in turn route them to the host computer (which is acting as the main LAN gateway/router), which will then in turn route them to the Internet (WAN).
  • Note: The host computer for the main LAN must have a static IP address (e.g. 10.0.0.1 as in the example of the preceding section) and it must match the gateway IP address configured in the wireless LAN router settings.

Network Interfaces Bridging

  • Install bridge-utils to be able to create network bridges: 
sudo apt-get install bridge-utils
  • Edit /etc/network/interfaces: 
sudo nano /etc/network/interfaces

The interfaces file should look like this after editing it: 

auto eth0
iface eth0 inet manual
#
auto br0
iface br0 inet dhcp
#
bridge_ports eth0 wlan0
#
# The loopback network interface
auto lo
iface lo inet loopback
  • Restart networking with: 
sudo /etc/init.d/networking restart

Using Dynamic IP addresses for a webserver

Normally, domain name servers (DNS) that are used publicly on the Internet match a web server's URL name with the IP address of the server's host computer. If your computer has a static IP address, then you can publish your own web server's URL as belonging to the static, unchanging IP address of your computer.

However, if your IP address is dynamic (always changing) because you use an ISP (Internet Service Provider) that constantly changes your IP address (using DHCP), then you will need a Dynamic DNS service to constantly keep track of your dynamically changing IP address and match it to of your web server's URL. Fortunately, there are a few Dynamic DNS services that will do this for you, either for a small fee or even for free. For more info, see this Ubuntu Community help article.

For specific tips on setting up Dynamic DNS, see this article.

Filesharing

NFS

NFS is the default networking protocol for network file sharing in *nix systems (including Ubuntu Linux).

Samba File Sharing

Samba client

Samba is a networking protocol that allows compatibility with Windows-based networks. The Samba client is installed by default in Ubuntu and should work seamlessly (unless you have have a firewall blocking the ports).

Samba server

Samba provides file/print services for the SMB/CIFS protocol used in Windows-based networks. See the official Ubuntu documentation for more information about providing services in a Windows network. A Samba server can be installed using the tasksel option during installation of the Ubuntu server from the LiveCD, or at any time using: 

sudo tasksel install samba-server
  • An alternative method of installation is: 
sudo apt-get install samba samba-tools system-config-samba smbfs
Note: samba-tools, system-config-samba, and smbfs are optional.
  • Modify Samba settings.
  • Method 1:
Menu -> System -> Administration -> Samba
(Note: this is available only if you installed system-config-samba.)

It is recommended that your user be a member of the sambashare group, as well.

  • Method 2:
Enable File Sharing Server With User Login (Very Reliable Method)
Do the following on the machine that has the files to be shared:
  • Add current user to Samba: 
sudo smbpasswd -a username
(replacing username with your login username)
  • Open the samba config file: 
sudo nano /etc/samba/smb.conf
  • Add the directories to be added (right at the end) in the following format: 
[Pictures]
path = /home/username/<folder_to_be_shared>
(Replace username with your username and <folder_to_be_shared> with the folder you want to share)
Press CTRL+X and then Y to save.
  • Restart Samba: 
sudo service smbd restart
sudo service nmbd restart
Note: Prior versions used: 
sudo /etc/init.d/samba restart
  • On Windows access the folder in the following format in Windows Explorer: 
\\192.168.x.x
(replace 192.168.x.x with the actual IP address of your server which is serving the folder)
  • On Linux type the following in Konqueror or Nautilus: 
smb://192.168.x.x
(replace 192.168.x.x with the actual IP address of your server serving the folder)

Note: If you use Sharing in KDE's System Settings panel, be aware that there is a small bug, reported here. In brief, you need to comment out/delete any instances of these two lines in /etc/smb.conf : 

case sensitive
msdfs proxy

Change your Workgroup

To change your Samba (Windows network) workgroup: 

sudo nano /etc/samba/smb.conf

Look for the line: 

workgroup = WORKGROUUP

and change the setting to whatever your LAN workgroup is.

Recognizing Win98 machines

Microsoft networking is extremely quirky. To enable recognition of PCs with Windows 98, edit your Samba configuration file: 

sudo nano /etc/samba/smb.conf

Then add the following lines to the file: 

[global]
# THE LANMAN FIX
client lanman auth = yes
client ntlmv2 auth = no

Integrating into Mac OS X Network

See this guide for information on integrating Ubuntu into an existing Mac OS X Appletalk network.

FTP Server

An FTP server allows the easy transfer of files between systems over the network. Clients such as Filezilla can be used to interact with an FTP server. Also see these FTP tips.

vsftpd

vsftpd is an FTP server available in (K)Ubuntu. For configuration information, see the official Ubuntu documentation. Install: 

sudo apt-get install vsftpd

proftpd

Proftpd is an FTP server available in (K)Ubuntu that can be used with either the MySQL or PostgreSQL database. Also see the Ubuntu Community documentation. Install: 

sudo apt-get install proftpd-basic

WebDAV

WebDAV is a method for allowing remote access to local folders via an HTTP-based web browser or file manager. This can be combined with user authentication (using LDAP or other password mechanism).

Local Area Network

Modems / Dial-up

Network Manager does not accept modem connections. See Ubuntu help for information on identifying and connecting with a modem. These instructions require gnome-network-admin (install while connected to a wired ethernet connection): 

sudo apt-get install gnome-network-admin

Gnome PPP and wvdial

Gnome PPP is a discontinued GUI frontend for the wvdial PPP modem dialer. It is still available as a package. Install: 

sudo apt-get install gnome-ppp wvdial

See this forum thread for tweaks required to make Gnome PPP and wvdial operational in Lucid.

GPPP

GPPP was the default modem dialing application in previous versions of Ubuntu.

Menu -> Applications -> Internet -> GPPP Internet Dial-up

Remote Access

There are several methods of remote access. VNC sharing allows you to view and control a remote computer's desktop. (Windows users use a similar proprietary protocol called remote desktop protocol (RDP)). XDMCP allows a complete remote X-windows based login. Remote connections are hazardous unless proper security precautions are taken to prevent unauthorized logins and to ensure encryption of transmitted data.

SSH

Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel (or "tunnel") between two computers. Encryption provides confidentiality and integrity of data. The OpenSSH client is installed by default in Ubuntu so you can connect to another computer that is running an SSH server.

Connect to a remote SSH server

From the command-line terminal

Install the OpenSSH client (if not already installed): 

sudo apt-get install openssh-client

From the command-line Terminal type: 

ssh -C <username>@<computer name or IP address>
Note: The -C option indicates compression, which speeds up transmission through the tunnel.

For example: 

ssh -C joe@remote.computer.xyz
or: 
ssh -C mike@192.168.1.1
or 
ssh -C 192.168.1.1 -l mike
Note: -l specifies the login id.


If the SSH server is listening on a port other than port 22 (the default), you can specify that in your connection (with the -p option). For example, if the SSH server is listening on port 11022, connect: 

ssh -C joe.friday@remote.computer.xyz:11022
or 
ssh -C remote.computer.xyz -p 11022 -l joe.friday

If you have made a public/private key using ssh-keygen, the private key must be stored in /home/user/.ssh. The key should be accessible only to user 

sudo chmod 600 /home/user/.ssh/identity
or 
sudo chmod 600 /home/user/.ssh/id_rsa

To login with the key: 

ssh -C remote.computer.xyz -p 11022 -l joe.friday

Note: You can run the command as a menu item, but the command must be "run in terminal."

Port forwarding through SSH

  • In brief, use 
ssh -C <remote ip> -p <SSH tunnel port> -L <local port>:<remote computer>:<remote port> -l <user>

This specifies that any communications from your computer (localhost) going out through <local port> will be transmitted securely through the the SSH tunnel port. To use VNC through the tunnel, you would use an application like Krdc or Vinagre: 

krdc vnc://localhost:<local port>

Note: localhost is equivalent to (and interchangeable with) 127.0.0.1. Either can be used.

Note that for VNC, the default <local port> is 5900. In general, a remote VNC server (such as X11VNC) is also listening on the default <remote port> 5900 as well. The default <SSH tunnel port> is 22, as discussed above. All these can be changed, however, if you desire greater security.

For me, I noticed that I had to set <remote computer> to be the internal LAN IP address of the remote computer (such as 192.168.1.155) instead of the remote router's IP address, which is specified in <remote IP>. (If the remote computer has a static IP address (i.e. is directly connected to the Internet without an intervening router), then <remote computer> and <remote ip> would be the same.)

Example: For extra security, my SSH Server uses <SSH tunnel port>=11022. I want to VNC to a remote computer on a remote LAN with a router whose IP address is <remote ip> = 244.205.123.123. The remote computer to which I want to connect has a static IP address within the remote LAN of <remote computer> = 192.168.1.155. I have set up an X11VNC server on this computer that is listening on <remote port> = 6912 (instead of the default 5900). I setup port forwarding on the router of this remote LAN to forward port 6912 to this server computer. I want to VNC to this remote computer from my laptop, through the Internet. My laptop VNC client (Krdc) will use the default <local port> = 5900. My name is <user> = joe.friday. This is my story. 

ssh -C 244.205.123.123 -p 11022 -L 5900:192.168.1.155:6912 -l joe.friday
krdc vnc://localhost:5900

If you have set up a private/ public key pair with a passphrase, or if your SSH server requires a passphrase, of course, you will be prompted for the passphrase after issuing the SSH command.

Note: Port forwarding assumes that the ports are also forwarded through the router(s) and through any firewalls. See the documentation for your router(s) and firewall to learn how to do this. The advantage of SSH tunneling is that only the <SSH tunnel port> needs to be open and forwarded by a router. All encrypted communications will go through your router using this single port. This is what makes the communications secure.

PuTTY

PuTTY is a GTK-based GUI client-interface for SSH connections and eases the setup for port forwarding, SSH public key authentication, and automated login. A user would run Putty to create the SSH tunnel (instead of the ssh command) and then run a program such as Krdc or Vinagre. PuTTY is available for both Linux and Windows (but for routine Linux usage OpenSSH is generally recommended instead). 

sudo apt-get install putty putty-tools
  • To create a 2048-bit RSA key pair compatible with OpenSSH, it is possible to use Puttygen (part of Putty-tools). (For me the Linux version of Puttygen is occasionally buggy, however, so I recommend OpenSSH keygen for routine usage instead): 
puttygen -t rsa -b 2048 -O private -o putty_rsa.ppk
puttygen putty_rsa.ppk -O public-openssh -o id_rsa.pub
puttygen putty_rsa.ppk -O private-openssh -o id_rsa
  • Move the OpenSSH-compatible keys to the ~/.ssh (i.e. the /home/user/.ssh) folder 
mv id_rsa* ~/.ssh
  • Copy the public key ( /home/user/.ssh/id_rsa.pub ) to the server that is hosting the OpenSSH server, into the /home/serveruser/.ssh (for whichever user is the administrative user for the server -- generally the user that installed the server initially). If the SSH tunnel is (still) set at default port 22, you can copy the key using the utility: 
ssh-copy-id serveruser@remoteserver.computer.xyz
  • Connect a VNC client (such as Krdc) through SSH using the command-line: 
putty -ssh -i ~/.ssh/id_rsa -l serveruser -L 5900:127.0.0.1:5900 remoteserver.computer.xyz -P 22
krdc vnc://127.0.0.1:5900
or as a single command: 
putty -ssh -i ~/.ssh/id_rsa -l serveruser -L 5900:127.0.0.1:5900 remoteserver.computer.xyz -P 22 sleep 5; krdc vnc://127.0.0.1::5900
  • Alternatively, the PuTTY SSH Client GUI can be run (from Menu -> Internet -> PuTTY SSH Client) and options configured from there.

Using keys created by Puttygen in OpenSSH

The public security key generated by Puttygen in Windows is generally not compatible with OpenSSH security keys unless it is edited. For example, the default OpenSSH key is 2048-bit RSA (SSH-2). When a 2048-bit RSA (SSH-2) PuTTY public/private key pair is generated (by Puttygen) in Windows (see this tutorial), the public key looks like: 

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20100302"
AAAAB3NzaC1yc2EAAAABJQAAAQEAjdp567qxsGkhELlMQup2mXHdsveCWq/maU6k
unPpbkwEuhkasuOrhkAWgv5v3d8S857zdHcfnXWi2FkEaJuFxqpJ2IkFuvqRdqYD
ZCcASj2S0LoXdWpC4uon6VH8oBT31r+wkDfmI2a+K74jgXjtm1BWWxwOpKaWQHi9
YItbY/06renRex34n3ejO20JRqD/BxnFU7ND41Szo3ZMKoa0yzhevU2ntt74BCvC
bYFHdSoRbi3AH8qGInzFfhXPdrG8qA382ZKEh5Bmy8Qxb9Uen/+jjP51YxN/ykee
RwSrdSCZekB6jN6uuTLNDEXJSJizqlPU8tROqf3pYv1kxzD9bw==
---- END SSH2 PUBLIC KEY ----
  • To be used by OpenSSH, the saved public key must be edited.
  • Delete the first two lines (with the BEGIN and Comment: in them) and the last line.
  • Join the remaining lines into a single line.
  • Place ssh-rsa at the beginning.
  • It should end up looking like: 
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjdp567qxsGkhELlMQup2mXHdsveCWq/maU6kunPpbkwEuhkasuOrhkAWgv5v3d8S857zdHcfnXWi2FkEaJuFxqpJ2IkFuvqRdqYDZCcASj2S0LoXdWpC4uon6VH8oBT31r+wkDfmI2a+K74jgXjtm1BWWxwOpKaWQHi9YItbY/06renRex34n3ejO20JRqD/BxnFU7ND41Szo3ZMKoa0yzhevU2ntt74BCvCbYFHdSoRbi3AH8qGInzFfhXPdrG8qA382ZKEh5Bmy8Qxb9Uen/+jjP51YxN/ykeeRwSrdSCZekB6jN6uuTLNDEXJSJizqlPU8tROqf3pYv1kxzD9bw==
  • Once the PuTTY public key is in this format, it can be appended to the ~/.ssh/authorized_keys file on the OpenSSH server. (The private key stays on the client computer, of course). PuTTY can then connect (from Windows or Linux) to an OpenSSH server using the public/private key method.

Connect using SSH Agent

With SSH Agent you can automate the use of public key authentication and open an XDM or VNC session using a script. See this tutorial.

Also see this alternative simple approach: Connect with SSH and start an application with a single command.

Setup an SSH server

Install the OpenSSH server: 

sudo apt-get install openssh-server
or 
sudo apt-get install tasksel
sudo tasksel install openssh-server

Note: The OpenSSH server can also be installed when doing a server installation as an option from the LiveCD.

Note: An OpenSSH server can also be set up on a Windows server using Cygwin. See these instructions.

  • Don't forget to forward the port on which your OpenSSH server is listening. The default SSH port is 22; if the default is used, the router should therefore forward port 22 to the computer on the LAN that is hosting the OpenSSH server. The OpenSSH listening port can be changed; in fact, each computer on the LAN can listen on its own unique SSH port, if desired. The router must forward each specified listening port to the correct computer. Therefore, if computer 1 has its OpenSSH server set to listen on port 22221, then the router should forward port 22221 to computer 1's LAN IP address. If computer 2 has its OpenSSH listening port set to 22222, then obviously the router must forward port 22222 to computer 2's LAN IP address. To change the listening port of the OpenSSH server, edit the /etc/ssh/sshd_config file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/ssh/sshd_config

and change the listening port from 22 to your desired listening port: 

Port 22221

then restart the OpenSSH server: 

sudo /etc/init.d/ssh restart

Limit authorized SSH users

OpenSSH Public Key Authentication

See this OpenSSH Public Key Authentication Tutorial.

In brief, it is necessary to generate a public / private key pair. On your client machine, generate the pair: 

ssh-keygen

A prompt asks for a passphrase. If you wish to use OpenSSH without a password from a secure client (to which no one but you has access), leave the passphrase blank. If you enter a passphrase, you will be asked for this passphrase each time you use the SSH client. By default, a 2048-bit RSA SSH-2 key pair is generated and stored in the /home/user/.ssh folder. The private key is named id_rsa and is meant to stay in that folder. (The public key is id_rsa.pub and is meant to be copied to the OpenSSH server.)

  • The private key must only be accessible (and should be read-only) to user, the owner of the file: 
chmod 600 /home/user/.ssh/id_rsa
You could also make the entire .ssh folder accessible only to user: 
chmod 700 /home/user/.ssh
  • Copy the public key ( /home/user/.ssh/id_rsa.pub ) to the server that is hosting the OpenSSH server, into the /home/serveruser/.ssh (for whichever user is the administrative user for the server -- generally the user that installed the server initially). If the SSH tunnel is (still) set at default port 22, you can copy the key using the utility: 
ssh-copy-id serveruser@remoteserver.computer.xyz
  • The ssh-copy-id utility only works over port 22. An alternative if you have changed your SSH port is to copy the /home/user/.ssh/id_rsa.pub key to the server manually. On the server make sure the directory /home/serveruser/.ssh exists and that there is a file authorized_keys (with write privileges) in that folder. If not, create such a file while logged into the server as serveruser (the touch command creates an empty file): 
mkdir ~/.ssh
cd ~/.ssh
touch authorized_keys

Then concatenate the id_rsa.pub key you have copied to the ~/.ssh folder. (Make sure the owner of id_rsa.pub, after copying, is serveruser.): 

cd ~/.ssh
chown serveruser id_rsa.pub
cat authorized_keys id_rsa.pub >> authorized_keys
  • Make sure the OpenSSH server knows to look for the key file. On the remote server, edit the OpenSSH configuration file: 
sudo nano /etc/ssh/sshd_config
  • Uncomment the line (i.e. remove the # at the beginning of the line): 
#AuthorizedKeysFile %h/.ssh/authorized_keys
  • Remove the ability to login to the OpenSSH server using password authentication: 
 sudo nano /etc/ssh/sshd_config
  • Change the line 
#PasswordAuthentication yes
to 
PasswordAuthentication no
  • Restart the OpenSSH server: 
sudo /etc/init.d/ssh restart
  • Now you can connect securely with an SSH tunnel without requiring a password, logging in as serveruser. 
ssh -l serveruser -L 5900:127.0.0.1:5900 remoteserver.computer.xyz -p 22

Connect with SSH and start an application with a single command

  • If you have created an OpenSSH key pair (without a password), you can start both the SSH tunnel and a VNC program (such as Krdc or Vinagre) to run through the SSH tunnel with a single command: 
ssh -f -l serveruser -L 5900:127.0.0.1:5900 remoteserver.computer.xyz -p 22 sleep 5; krdc vnc://127.0.0.1::5900
  • Alternatively (and probably preferably) you can create a Menu Item / Shortcut with the above command.

Note: This command is a command-line mini-script. The SSH option -f option tells the SSH client to fork into the background after starting. (This option is not available in the PuTTY client.) This allows the command line to continue to proceed to the next command(s) listed on the command line mini-script. The 5 second wait ("sleep") timeout allows time for the SSH tunnel to be created before proceeding to the next command. (This can be lengthened if necessary.) After the wait period, the program (Krdc VNC in this example) is started.

  • Of course, any program could be started (to be run through the SSH tunnel) in this fashion, not just a VNC program.

Automate SSH connections that require a password

This method is strongly advised against. Transmitting an unencrypted password through the Internet (in order to establish an SSH connection) invites password sniffing. Use the OpenSSH key pair methods described above, instead. This method is listed here for reference.

  • Terminal interactions (such as the SSH password challenge) can be automated using the expect utility. Install: 
sudo apt-get install expect
  • If, for example, your SSH client ID is clientuserID, yourpassword is not#1sostrong, and the remote SSH server is remoteserver.computer.xyz (using the default SSH port of 22), then use this command to start the SSH tunnel: 
expect -c 'spawn ssh -l clientuserID -L 5900:127.0.0.1:5901 remoteserver.computer.xyz -p 22; expect assword ; send "not#1sostrong\n" ; interact'

There are other parameters in this example. 5900 and 5901 are the ports to be used on either side of the tunnel (port 5900 is used for VNC, for example). See Port forwarding through SSH for more details.

You can use the entire command as a menu item (must be "Run in terminal" in the Advanced menu options).

VNC

Virtual Network Computing (VNC) mirrors the desktop of a remote ("server") computer on your local ("client") computer (it is not a separate remote login, as is XDMCP). A user on the remote desktop must be logged in and running a VNC server (such as X11VNC, Vino, or Krfb). Keyboard and mouse events are transmitted between the two computers. VNC is platform-independent —- a VNC viewer on one operating system can usually connect to a VNC server on any other operating system. (Windows users can use one of several clients such as UltraVNC Viewer.)

Vino Remote Desktop VNC server

Vino-server (the Gnome VNC server) is included by default in Ubuntu. Start:

Menu -> System -> Preferences -> Remote Desktop
  • You can accept uninvited connections in the Security section. You can require a password for these connections.
  • This implementation of Vino does not allow changing the default listening ports (which start at 5900). If you wish to customize your VNC connection, use X11VNC instead.

How to securely use VNC with SSH tunneling

It is less secure to leave the VNC listening port open to the Internet, even with a password. (This can expose you to password cracking attempts.)

It is more secure to use SSH to tunnel your VNC connection. Under SSH port forwarding, the VNC listening port is the <remote port>. To increase security, this listening port can be changed from the default 5900. Only the VNC server and the SSH client need to specify the <remote port> in a secure connection.

X11VNC Server

While Vino is easy to use, X11VNC allows far more customization and therefore can be used more in situations where greater security is needed.

  • Install an X11VNC server to share your desktop with other computer: 
   sudo apt-get install x11vnc
  • Run X11VNC without a password: 
x11vnc -forever -rfbport 5900
Note: -rfbport 5900 specifies the port to listen on. The port number can be changed. This option is not required if the default port 5900 will be used. Don't forget to open/forward this port in your firewall/router. By default X11VNC server exits after the first client disconnects. To keep it running (and allow future connections), use the -forever option. See here for more command line options.
  • Create a password to use with X11VNC: 
mkdir ~/.vnc
x11vnc -storepasswd YOUR_PASSWORD ~/.vnc/x11vnc.pass
  • X11VNC can then be started with a password: 
x11vnc -forever -rfbport 5900 -rfbauth ~/.vnc/x11vnc.pass -o ~/.vnc/x11vnc.log -loopbg -display :0
  • You can create a startup script so that X11VNC is automatically loaded at startup (with password settings): 
echo "/usr/bin/x11vnc -forever -rfbport 5900 -rfbauth ~/.vnc/x11vnc.pass -o ~/.vnc/x11vnc.log -loopbg -display :0" > ~/.config/autostart/x11vnc.sh
chmod +x ~/.config/autostart/x11vnc.sh
  • You can test the startup script: 
~/.config/autostart/x11vnc.sh

Using VNC with SSH

See Port forwarding through SSH for additional information.

Vinagre VNC client

Vinagre is the default Gnome-based VNC client used in Ubuntu.

  • Menu -> Applications -> Internet -> Remote Desktop Viewer

Terminal Server Client

The Terminal Server Client is an Ubuntu/Gnome frontend for rdesktop (for RDP connections to Windows computers) and one of several vncviewer clients (for VNC connections). In can be used instead of Vinagre.

  • Menu -> Applications -> Internet -> Terminal Server Client
  • To use it with VNC, one of the VNC clients must be installed first. For example, install the TightVNC client: 
sudo apt-get install xtightvncviewer
  • Note that the TightVNC client can be used from the command line (or as a menu item) directly: 
vncviewer 192.168.0.12::5900
where 192.168.0.12 is an example host location that is running a VNC server on port 5900. For more command-line options, use 
man vncviewer

Krdc VNC client

Krdc is the default VNC client in Kubuntu/KDE but can be used in GNOME. It can be used for both VNC and RDP connections. Installing it will also install the Qt platform and many KDE utilities (a large download). 

sudo apt-get install krdc
  • Run:
Menu -> Applications -> Internet -> Krdc
  • The command-line connection (for use as a menu-item, for example) is: 
krdc vnc://<remote IP>
  • If the remote (Krfp) VNC server is using a <remote port> other than the default 5900 port, use 
krdc vnc://<remote IP>:<remote port>
  • Krdc can also connect to a Windows server using RDP (Remote Desktop Protocol). 
krdc rdp://<remote IP>:<remote port>

Using a VNC client with SSH

See this howto for an automated setup using a script (it did not work for me, but it might for you).

In brief, you would initiate an SSH tunnel with port forwarding using Putty or the command line: 

ssh -C <remote ip> -p <SSH tunnel port> -L <local port>:<remote computer>:<remote port> -l <user>
then you would start a VNC client such as Krdc: 
krdc vnc://localhost:<local port>

<local port> will usually be the default 5900, in which case you could simply use 

krdc vnc://localhost

XVNC4Viewer VNC Client

XVNC4Viewer is an alternative to Vinagre or the Terminal Server Client (vncviewer). Install: 

sudo apt-get install xvnc4viewer

Automatic user login (for use with VNC)

VNC only works if a user is logged in. When a computer (hosting one or more servers) is intended to start up unattended and VNC (with or without SSH tunneling) is to be used, the computer ought to start with the primary user logged in. To accomplish this:

Menu -> System -> System Settings -> Login Manager -> Convenience -> Enable Auto-Login (ticked) -> Lock session (ticked)
-> Pre-select user: Specified: Choose primary user (i.e. the user hosting the SSH tunnel, if any, and the VNC server)
-> Automatically log in again after X server crash (ticked)
  • Also make sure the VNC server is set to Autostart at bootup.

FreeNX

FreeNX is a remote desktop display server/client solution that natively incorporates SSH tunneling (unlike VNC). It is therefore more secure than VNC (unless VNC is coupled with SSH tunneling).

FreeNX Server

The Free server .deb package can be downloaded from No Machine free server downloads. 

sudo add-apt-repository ppa:freenx-team
  • Install the package: 
sudo apt-get update
sudo apt-get install freenx

FreeNX Client

Download the self-installing .deb file from No Machine Client downloads.

XDMCP

XDMCP allows a separate remote login by an authorized user. This login is separate from the local user.

  • XDMCP is not secure over the Internet and should only be used within a LAN. It cannot be tunnelled through SSH. It is turned off by default in Ubuntu. To enable it, edit the configuration file: 
gedit /etc/gdm/custom.conf
  • Find and change (or add) the line from false to true so that it reads: 
[Xdmcp]
Enable=true

Telnet

SSH is, basically, secure Telnet.

VPN clients

A VPN (Virtual Private Network) allows a secure encrypted connection ("tunnelling") over the Internet between a client (either standalone or on a separate LAN) and a home or corporate LAN server.

VPN through Network Manager

  • The default Network Manager in Ubuntu/Kubuntu has a VPN client available. This includes support for IPSec and Cisco-compliant VPN connections. Install: 
sudo apt-get install network-manager-vpnc
  • To connect to a VPN network using OpenVPN (SSL), install the plugin: 
 sudo apt-get install network-manager-openvpn
  • To connect to a VPN network using PPTP (MS Windows servers), install the plugin: 
sudo apt-get install network-manager-pptp
  • Configure:
Network Manager icon (in system tray) -> VPN Connections -> Configure VPN

vpnautoconnect (vpn daemon)

vpnautoconnect is a daemon to allow automatic vpn connections through Network Manager. Download and install the .deb package for your OS version.

Other VPN clients

Standalone VPN clients based on protocol are available (but not necessary if using Network Manager):

  • vpnc, grml-vpn -- for Cisco-compliant (IPSec) VPN networks
  • openswan -- for IPSec (OpenSwan) VPN networks
  • pptp-linux -- for PPTP (MS Windows-compliant) VPN networks
  • openvpn, gadmin-openvpn-client -- for OpenSSL (OpenVPN) VPN networks

VPN servers

OpenVPN

OpenVPN is a free, GPL-licensed open-source cross-platform VPN solution based on OpenSSL (not IPSec). Install the server (then see the website for further installation instructions): 

sudo apt-get install openvpn bridge-utils

A GUI configuration utility (GTK-based) is available: 

sudo apt-get install gadmin-openvpn-server

Also see these installation tips.

Poptop (PPTP Server)

Poptop is a free open-source PPTP-based VPN server compatible with MS-windows PPTP clients. Install: 

sudo apt-get install pptpd

OpenSwan

OpenSwan is the open source implementation of IPSec-based VPN connections for Linux (and is a successor to FreeSwan). Install: 

sudo apt-get install openswan linux-patch-openswan

Security

Ubuntu by default is a fairly safe system. However, if you intend to use Ubuntu as a server, or for critical applications in which loss of data (by accident or by malicious intrusion) would be disastrous, you should learn how to make Ubuntu more secure. A good introduction to Ubuntu Security Best Practices is available. Recommended reading includes the book Cyber War by Richard Clark and this interview with Joe Weiss (IT advisor for the energy-sector smart grid).

Firewall

Network communications go through "channels" called ports. You can restrict which ports are available ("open") for network communications, creating a barricade to unwanted network intrusion. Firewalls do this job for you. But I guarantee that if you install one before you know how to use it that one or more networking programs on your system will stop working. Read every bit of documentation about a firewall before installing it -- you won't regret the time invested. All of these packages modify iptables, which is the set of rules that controls network access in and out of your computer. (You can modify iptables manually from the command line, as well, but if you are that much of an expert, you probably don't need this guide.) Also see the official Ubuntu documentation.

Firestarter

Firestarter is an intuitive firewall manager used to set the iptables values which provide firewall capabilities in Linux (including Ubuntu). It has a very easy-to-use GUI. 

sudo apt-get install firestarter

Firestarter fails to open system log

This is a problem in Oneiric. See the solution here.

Guarddog

Guarddog is a GUI firewall configuration utility that has been used for KDE. It has a complex array of configuration, and is difficult to use for some beginners. 

sudo apt-get install guarddog

Uncomplicated Firewall

Uncomplicated Firewall is installed in Ubuntu by default, but all ports are open initially. It is configurable through the command-line interface. See this forum thread, or this usage tutorial, or Ubuntu community help for tips on how to set up and use it. If not installed, it can be installed: 

apt-get install ufw

Gufw

Gufw is a graphical user interface for Uncomplicated Firewall. Install: 

sudo apt-get install gufw

Anti-virus

  • If you are running a file server, interface frequently with Windows drives or share files with Windows users, or use virtualization, you will want a virus checker for your Windows files.
  • Despite extensive minsinformation, Linux is not immune from malware (witness the explosion of malware being created for the Linux-based Google Android systems). The malware is not usually spread within the OS itself (as long as the OS is a well-respected distribution obtained through official channels), but in trojan programs downloaded and installed by users outside of the normal software distribution channels (i.e. repositories) of the OS. There is always a danger to using programs downloaded from the Internet from sources other than respected repositories -- it is the primary reason that Debian and (K)Ubuntu retain tight control over their software repositories.
  • Any file can have malware embedded in it (which is trivial to achieve by concatenation, for example: cat originalfile.avi malware.exe > originalfileplusmalware.avi). The question is whether a user will try to open a file with a program (such as a media player) that has been compromised in a way that allows it to execute the code found in the infected media (e.g. .avi) file. This can occur not only for Windows users but for any OS (including Mac OSX and Linux) with a compromised program (e.g. media player).
  • Routine scanning of any file downloaded from the Internet, any file imported from another user's computer (even a trusted source, since their attention to virus prevention may not be as compulsive as yours), or any attachment received in an email (even from a trusted sender) should be done with an anti-virus program.

ClamAV

ClamAV is the open source virus tool for Linux. To install ClamAV: 

sudo apt-get install clamav
  • If an error is returned: "The database directory must be writable for UID 1000 or GID 1000" in order for the virus database to be updated, then change the ownership of the installation directory (/var/lib/clamav): 
sudo chown 1000 /var/lib/clamav

ClamTk (ClamAV GUI)

ClamTk is a GTK-based GUI frontend for ClamAV. Install: 

sudo apt-get install clamtk

AVG

AVG offers a free virus scanner for Linux in a .deb package. Download and install from the website.

Avast

Avast offers a Linux edition (for home users only) in a .deb package. Download and install from the website.

Anti-spam

Spam Assasin

SpamAssasin is written in perl, and is mostly for use with a server (such as a groupware server or Apache). Install: 

sudo apt-get spamassassin

Rootkit checkers

Rootkits are malicious trojan-like programs to allow an intruder to become a root user and therefore have complete administrative control over the system. There aren't many rootkits in the wild for Linux. Still, this is a growing security problem (especially in other operating systems) and it is a matter of time before more rootkits appear in Linux. Checking for rootkits isn't always successful from a system that is already infected. Your rootkit checker should therefore be run from another system, or a USB pendrive with an Ubuntu LiveCD installation. See the rootkit checker manuals for instructions how to do this. If you are infected with a rootkit, you must backup all your files and re-install your system. (Thank goodness this is easy with Ubuntu, unlike with other operating systems).

Chkrootkit

Chkrootkit checks locally for signs of a rootkit. See the chkrootkit manual for usage instructions.

Install: 
sudo apt-get install chkrootkit
Run: 
sudo chkrootkit

Rootkit Hunter

Rootkit Hunter is compatible with (K)Ubuntu systems. See the usage instructions.

Install: 
sudo apt-get install rkhunter
Run: 
sudo rkhunter

Malicious commands to avoid

There are many malicious commands to be avoided in Linux (as in all operating systems). It is worthwhile to be aware of these dangerous commands so that they are not executed by accident or by malicious advice.

USB drives

USB drives are a major source of security risk and means of data theft.

  • An administrator password should be set for the computer BIOS and booting from a USB drive or CD/DVD should be disabled. (Otherwise, any passerby can boot their own OS and then use it to steal data from the hard drive.)
  • See this article for methods of restricting USB usage to authorized users.

Prevent unauthorized boots and system access

Many computers are kept in places where casual passersby may have an opportunity to access the computer, unobserved for short periods. In addition to physical precautions to prevent or slow computer theft (such as locked cases, alarms, and security cables similar to those used to slow bicycle theft), precautions should be taken to prevent an unauthorized operating system from being booted using an external device (such as USB drive). Once such as external OS is booted, it can be used to access most hard drive(s) on the computer and the contents copied to a second external device (to be examined or unencrypted later). This is a common means of data theft that is fast and easy to accomplish, and means to deter it should be taken on any public or semi-public computer.

  • Set BIOS to restrict bootup to the hard drive only.
  • Set a Supervisor/Administrator password for your computer's BIOS. (I recommend writing it down and taping it to the inside cover of the computer case prior to locking the computer case.) Disable booting from all devices except the hard drive. Setting the hard drive as the first priority boot device is not enough, as most current BIOS menus allow manual selection of any enabled boot devices. Only the hard drive should be left enabled.
  • Enable Hard Drive locking, if your computer's BIOS allows it. Most hard drives allow a password to be set by the BIOS and stored in a chip on the hard drive controller which can only be reset by disassembling the hard drive. (Some manufacturers provide a backdoor security key, however.) BIOS versions found on newer computers/laptops allow this password to be set in the BIOS, so that only a BIOS containing the correct password can unlock the hard drive. (If the hard drive is then removed from the computer, it cannot be accessed by any BIOS that does not have the correct password or backdoor security key.) Note, however, that this precaution does not protect against booting from external devices if the BIOS is still set to allow that.
  • There is a risk to this security measure. If you forget the password and the BIOS passwords somehow get reset, the hard drive would become inaccessible. The BIOS and Hard Drive password(s) should always be stored in a safe location.
  • Password protect the Grub bootloader. Without password protection, Grub can be used to circumvent BIOS restrictions. See this section for Grub Legacy and this section for Grub2.
  • Make sure all user accounts are protected by a password, and always require passwords for login. Never create an "administrator" user account (hidden or not) and leave it unprotected by a password. Never enable automatic login without a password to any user account.
  • It is possible to enable automatic login to a preferred password-protected user account while simultaneously enabling a password-protected screensaver (the password for which must still be entered even before initial user access). This is a reasonable solution that offers protection while still allowing automatic login.
  • Make sure a password-protected screensaver is always enabled (that will engage after a reasonably short period of inactivity).

Network Monitors

There are two types of network monitors: those that monitor your own system's network settings and those that monitor network traffic. The latter includes security tools (that can also be used as hackers tools) for exposing security weaknesses in a network. Be aware and be safe! A list of available tools is at Top Ubuntu Security Tools.

Netstat

Netstat is the Linux command-line tool to monitor network status and functions. There are many usage parameters. See the manual for help. 

netstat

Etherape (Network monitoring)

EtherApe is a graphical utility that allows you to see (in real-time) where connections are being made on your network, or between your network (or computer) and the Internet. If you are experiencing unexpected network activity on your computer or LAN and wish to see where the activity is occurring, this is an easy tool to use. Both "local" user and "root user" installations are created; in general you must use the root user installation to see all your network traffic. 

sudo apt-get install etherape

List open files

Sometimes you will see your network slowing and want to know which files are sending data over ports. Use this command: 

lsof -i -n -P

Nmap

Nmap is a free open source utility for network exploration (including showing open ports and running services) and security auditing. Install: 

sudo apt-get install nmap

Scan your own PC: 

nmap localhost

(Once you have found out which ports are open, use a firewall to close the ones you don't want open.)

Nmap GUI

Install: 

sudo apt-get install nmapfe
or you can try Zenmap: 
sudo apt-get install zenmap

Nessus

Nessus is a proprietary comprehensive vulnerability scanning suite that is free for personal, non-enterprise usage. See the website for details.

Snort

Snort is the de facto open source standard for intrusion detection. Install: 

sudo apt-get install snort

It can be used with an MySQL database (sudo apt-get install snort-mysql) or with a PostgreSQL database (sudo apt-get install snort-pgsql).

AcidBase

AcidBase is an intrusion detection / basic analysis and security engine that uses Snort. Install: 

sudo apt-get install acidbase

AppArmor

AppArmor is a set of security enhancements developed by Novell for SUSE Linux. It is installed in (K)ubuntu by default.

Disable AppArmor

AppArmor can prevent some services from running as expected and cannot be used in conjunction with SELinux. To disable it: 

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

SELinux

SE Linux (Security Enhanced Linux) is an NSA (US National Security Administration) recommended set of tools for enhanced security in Linux systems. It enforces strict access controls (privileges) and is meant for mission-critical installations. It is not suitable for the casual desktop user. It was first available in Hardy Heron and is being updated for Intrepid Ibex. It is not compatible with AppArmor (which must first be removed). 

sudo apt-get install selinux

Knockd (Port security)

Knockd is a small server that listens for a pre-defined sequence of port opening attempts (a "knock") before opening an otherwise closed firewall port for communications. Install: 

sudo apt-get install knockd

Network Management

Monitor your network or datacenter with a framework of utilities. Comparable to IBM Tivoli (which can cost thousands of dollars), these solutions are generally available as either community or enterprise editions.

  • Hyperic is an open-source network monitoring framework that can be used in either a datacenter or a cloud environment (it is used for Amazon Cloud). Both a free community version and a subscription enterprise version are available.
  • Groundwork OpenSource offers a community edition that integrates other packages such as Nagios, Nmap, and others. There is a subscription enterprise version as well. It has its roots in a university setting.
  • OpenQRM is the GPL-licensed, free open-source community successor to the very popular network monitoring solution Qlusters. It is available as a Debian/Ubuntu package. See the website for details.
  • Canonical offers the Landscape network management service for $150 per node, with a free trial available.
  • Zenoss is a commercial network monitoring subscription package (about $150/node) with a limited free "core" edition also available.

Nagios

Nagios is a free open source network monitoring solution. It is administered from a web interface (http://localhost/nagios) and is expandable using a large number of available plugins. For additional configuration information, see the official Ubuntu documentation. Install: 

sudo apt-get install nagios3

Munin

Munin is a free GPL-licensed open source networking monitoring tool based on RRDTool, in which a master network node queries other network resources, cataloging and graphically displaying changes. It has a web interface and multiple plugins. For additional configuration information, see the official Ubuntu documentation. Install: 

sudo apt-get install munin

Cacti Monitoring Server

Cacti is a complete, free open source network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. It uses MySQL and PHP (part of the LAMP server stack). All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices. For more info see Cacti Server Setup. Install: 

sudo apt-get install cacti

Cluster SSH

ClusterSSH allows replication of a command on an administration console to be replicated via SSH to multiple computers in a cluster. Install: 

sudo apt-get install clusterssh

Enterprise Network Firewall

IPCop

IPCop is a free open source (GPL-licensed) firewall solution for use as an independent appliance (on a dedicated PC) in an enterprise network. It allows remote management and can protect multiple servers, including web and email servers. IPSec-based OpenVPN is supported. The CD image .iso and other files can be downloaded here. Installation instructions are on the website.

SmoothWall

SmoothWall Express is an award-winning, free, open source (with a GPL license) firewall solution for use as an independent appliance (on a dedicated PC) in an enterprise network. Download the installation CD .iso image here (server OS included), burn onto a CD, and install on a new, dedicated PC. Many features, however, such as VPN server, database access authentications, and content filtering are only implemented in a commercial version, however, and are not available in the community version.

Endian

Endian is a very robust, free, open source universal threat management appliance similar to IPCop and Smoothwall. It also incorporates OpenVPN. Like Smoothwall, Dansguardian is used for content filtering (and is included in the community edition). Commercial and hardware versions with some additional features, automatic updates, and professional support are available. See the website for details.

LTSP (Thin client support)

LTSP (the Linux Terminal Server Project) adds thin-client support to Linux servers. The package is free, GPL-licensed, and the client can be used to run programs on either Linux or Windows LTSP servers. There is a module for classroom management (ltsp-controlaula) as well. Installation instructions are here. The alternate LiveCD can also be used to install a terminal server, as indicated in these instructions.

LTSP Server

Install: 

sudo apt-get install ltsp-server ltsp-manager

LTSP Client

Install: 

sudo apt-get ltsp-client

iTALC (Thin client for Education)

iTALC is a free, open source (GPL-licensed) thin client solution that supports both (K)Ubuntu Linux and Windows XP. It has been used widely in educational settings to monitor, share, and control multiple workstations. See the website for download and installation instructions.

Internet Cafe software

Internet Cafe (or CyberCafe) software is specialized LAN-administration software that includes time usage monitoring, billing, and administration. It can also be used in schools, libraries, and organizations with multiple monitored workstations requiring usage limits.

OutKafe

OutKafe is a free, open-source, GPL-licensed cybercafe solution based on a postgreSQL database server stack. It is run on hundreds of sites. It is GTK-based but can be run with Kubuntu (KDE).

OpenKiosk

OpenKiosk is a free open source multi-platform server/client solution for administering and monitoring groups of workstations, such as in libraries, school labs, and internet cafes. Installation is from source files. See the website for details.

CafePilot

CafePilot is a free multi-platform Java-based server/client solution for real-time monitoring and billing of Cybercafe workstations. A complete custom Ubuntu-based LiveCD server/multiple-client solution (including OS and many applications for unlimited workstations) is available for $100 here.

Miscellaneous solutions

This thread discusses several other solutions, including:

Pessulus (Lockdown Editor)

Pessulus is a GTK (Gnome)-based utility that allows an a computer administrator to restrict acccess to several administrative functions, including the command-line Terminal and many other functions. This is useful on public kiosk PCs, for example. Install: 

sudo apt-get install pessulus

Cluster (cloud) computing

A warning about distributed computing

Cloud computing is often mistaken for remote hosting. While cloud computing using public hosts may be beneficial in "farming out" a few of your non-sensitive computing needs, the recent ease of cloning filesystems and the promiscuity of datacenters has placed a great deal of sensitive data at risk when databases and critical server functions themselves are remotely hosted at a site not under your complete control. Even "trusted" banks and other large businesses routinely trade and sell our sensitive "private" data to multiple partners (sometimes for profit and sometimes unwittingly). Hosted servers are compromised on a daily basis and it is not very easy for an end customer to know how effective are the security practices of a remote hosting service. Further, any data left on public storage devices (cloud servers) in the US for more than 180 days are subject to search and seizure by government agencies there. Therefore, it is almost always more secure to host your own server(s) in house and to limit the traffic and access to your databases and servers to members of your own organization. Learning how to run your own servers is worth the effort, and powerful hardware on which to run them is inexpensive these days.

The Ubuntu cloud computing environment allows you to recruit the multiple computers within your own organization for distributed ("cloud") computing and thereby keep it all "in house" (behind secure firewalls). You do not need to expose your organization to insecure remote public hosts in order to use cloud computing.

BOINC (Berkeley Open Infrastructure for Network Computing)

BOINC is middleware software developed at UC Berkeley to allow multiple computers to operate as a grid-based (cloud based) supercomputer. There are over half a million computers participating in BOINC projects. To install BOINC and participate in one or more of these projects: 

sudo apt-get install boinc

Servers

Many server packages (such as Apache2, MySQL, PHP, etc.) can be installed individually, on either a Desktop edition or a Server edition (using the tasksel command described below). It is not necessary in general, therefore, to install Ubuntu Server if you only wish to use an occasional server package on a Desktop edition. Most of the instructions for individual server packages will work on the Server edition, on the Desktop edition, or on a Server edition that has had an Ubuntu or Kubuntu desktop installed on it.

Nevertheless, the Server edition is optimised for speed and ease of monitoring and maintenance when implemented in large networks and is therefore recommended. (For complete information see the Ubuntu Server Guide.) It is always possible to add an Ubuntu (Gnome) or Kubuntu (KDE) GUI desktop to an Ubuntu Server at any time.

(If you are attempting to create a dual-boot or multi-boot configuration with multiple operating systems on your computer, then see these tips.)

(Tip: During installation of the server, an initial user / password is created. Many servers are intended to run unattended with little subsequent intervention and it can be easy to forget the original user / password pair that is created at installation. I suggest writing this information down and taping it to the inside of the computer case cover for later reference. (Lock the computer case if you desire extra security.))

There are many server packages that are available to be installed as a one-step process during the Server edition installation process from the LiveCD, or at any time (on most editions) using the tasksel command. For a list of server packages that can be installed using the tasksel command: 

sudo apt-get install tasksel
sudo tasksel --list-tasks
or using a GUI list: 
sudo tasksel

Ultimate Server Walkthrough

  • Using instructions from Ubuntuguide, an ultimate server can be created with two wikis (MediaWiki), two Drupal websites, a Moodle online learning website, a BigBlueButton teleconferencing server, an Ubuntu desktop, and dynamic DNS access from the web. All components can be expanded and/or additional servers added.
  • Lucid ultimate server walkthrough.
  • Original Jaunty ultimate server walkthrough.

Add a desktop to an Ubuntu Server

Packages that require server capabilities (such as Drupal with Apache, etc.) are often happier when a Server edition is installed as the base OS. However, adding a desktop can make the administration and maintenance of many packages easier for many users (albeit with a cost of reduced server speed). Add an Ubuntu (Gnome) or Kubuntu (KDE) desktop to a server using: 

sudo apt-get install ubuntu-desktop
or 
sudo apt-get install kubuntu-desktop

LAMP server installation

During server installation, you will have the option of installing a LAMP (Linux, Apache, MySQL, PHP) server stack. Many (but not all) open source servers use this integrated server stack. Drupal, for example, needs to have a LAMP server installed. If you intend to install a groupware server, however, make sure it is compatible with a LAMP server stack before choosing this option. Many groupware servers will install LAMP (or their own variation) automatically, so you do not need to install the LAMP stack. Others will install and use postgreSQL instead of MySQL, so you would not need to install a LAMP server.

Apache2 + MySQL + PHP

This is the preferred method: 

sudo apt-get install tasksel
sudo tasksel install lamp-server

(Tip: During installation of the LAMP server, an initial MySQL "root" user password is created. This information will sometimes be needed when installing other server packages that use MySQL. I suggest writing the MySQL password down and taping it to the inside of the computer case cover for later reference. (Lock the computer case if you desire extra security.))

Other servers

During server installation, you can choose other servers to install, as well. These include a Mail server (Postfix with Dovecot), a DNS server (bind9), the OpenSSH server, a print server, a Tomcat Java web server, a Samba file server (for use with Windows networks), and a virtual machine host (Xen). Again, if you are using a groupware solution, you should be careful about installing these services, as they may conflict with similar (but competing) servers which the groupware solution will install by default.

eBox (server and network manager)

eBox is a web-browser based server management platform that is useful in managing multiple servers and networking functions in a small to medium business. It is modular so that as the network grows and more networking functions or servers (such as the ones listed below) are added, eBox can manage those, as well. Install: 

sudo apt-get install ebox

OpenSSH server

OpenSSH allows encrypted communications through a designated secure port. See setting up an SSH server.

Mail Server

There are two methods for setting up a mail server.

  • The dovecot-postfix package install the components and configuration files to use the Maildir (mail spooling) folder system by default. See Dovecot-Postfix Mail server.
  • The mail-server task installs the components and configuration files to use the mbox (mail spooling) system by default. This can be installed: 
sudo tasksel install mail-server

Bind9 (DNS server)

BIND DNS servers are the most commonly used on the Internet. Bind9 is the current edition. See the usage instruction here. Also see the official Ubuntu documentation for more configuration information. It can be installed using the tasksel option during installation of the Ubuntu server from the LiveCD, or at any time using: 

sudo tasksel install dns-server

Apache Tomcat (Java server)

Tomcat is a free open source platform from Apache which provides a "pure Java" HTTP web server environment for Java code to run (see here for more info).

It is not part of the Apache2 web server. See the official Ubuntu documentation for more configuration information. It can be installed using the tasksel option during installation of the Ubuntu server from the LiveCD, or at any time using: 

sudo tasksel install tomcat-server

Xen virtual machine host

Xen is a free open source virtualization platform that allows the host to run "guest" operating systems simultaneously (see here for more info). Xen implementation in the (K)ubuntu server is based on integration with KVM, the kernel-based virtualization platform in Linux. KVM integrates with QEMU components, which have been merged with Xen.

Note: KVM requires a 64-bit processor with a virtualization extension, i.e. an Intel VT or AMD-V CPU, therefore this package currently is successful only with the 64-bit Ubuntu server installation and on those CPUs.

It can be installed using the tasksel option during installation of the Ubuntu server from the LiveCD, or at any time using: 

sudo tasksel install virt-host

Print server

Ubuntu uses the CUPS print server, which is integrated into the desktop. Installing a print server in Ubuntu Server is necessary only if you do not intend to use a desktop (i.e. you intend a "headless" server). It can be installed using the tasksel option during installation of the Ubuntu server from the LiveCD, or at any time using: 

sudo tasksel install print-server

OpenLDAP

OpenLDAP is a community-based LDAP server that allows directory querying over TCP/IP, generally for organizations arranged by domain. Ubuntu uses the slapd daemon for the OpenLDAP server. See the official Ubuntu documentation for more information about installation and setup.

Proxy server

Squid

Squid is a widely-used proxy web server and web cache daemon that is useful for corporate or other large LANs that wish to accelerate and/or control traffic through the LAN. For initial configuration information, see the official Ubuntu documentation. Install: 

sudo apt-get install squid

Privoxy

Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. It is easier to configure and more useful for individual users. Install: 

sudo apt-get install privoxy

Reverse proxy Servers and Load Balancers

A reverse proxy server allows incoming web traffic on a LAN to be directed to multiple computers (each running one or more servers) on the LAN. When redundant instances of a server exist on a LAN, a Load Balancer allows traffic to be directed to the most available instance.

Pound (Reverse proxy and load balancer)

Pound is a free, open source (GPL-licensed) lightweight reverse proxy and load balancer. Also see the Ubuntu Community instructions. Install: 

sudo apt-get install pound

Apache Reverse proxy

The Apache2 server has a mod_proxy module available that enables reverse proxies. See these instructions for a simple method to implement reverse proxies using this Apache module.

Control panels

There are several free and/or GPL-licensed control panel utilities for managing multiple servers on a single physical server or cluster of servers running Debian/Ubuntu-based servers. Here is a brief overview.

  • Webmin is the most widely used web browser-based free open source web hosting control panel for Linux.
  • GNUPanel is a free GPL-licensed web hosting control panel system that is compatible with Debian/Ubuntu OS using PHP.
  • Web-cp.net is a free GPL-licensed web hosting control panel system that is compatible with Debian/Ubuntu OS using PHP.

Network Attached Servers

FreeNAS

FreeNAS allows a PC with several hard drives to function as a self-contained network attached storage RAID device. It is a very small, fast system, so that an older PCs could function quite well as an NAS.

Setup RAID in Ubuntu/Kubuntu

See this thread for a discussion how to set up RAID on an Ubuntu/Kubuntu server.

Databases

There are several free enterprise-strength databases that can be used in (K)Ubuntu Linux.

PostgreSQL

PostgreSQL is a free standards-compliant enterprise-strength open-source database, initially developed at UC Berkeley. See the PostgreSQL Server documentation for server configuration information. Install using the dummy task: 

sudo tasksel postgresql-server
or install directly: 
sudo apt-get install postgresql-8.4
or 
sudo apt-get install postgresql

MySQL

MySQL is one of the most widely-used relational databases, and has been licensed under the GPLv2. It has now been bought by Oracle as part of the purchase of Sun. It has long been integrated into co-ordinated server platforms using the LAMP stack, but it can also be installed separately. 

sudo apt-get install mysql-server

Tips & Tricks

Run Command

You can run any application in your path using the Run Command. Use Alt+F2.

Turn off Hot Keys

This is the most evil option on any operating system, in my opinion. A mis-stroke enables any number of random events. Unfortunately, this problem is pervasive in operating systems and is difficult to turn off.

Menu -> System -> Administration-> Advanced -> Input Actions -> General Settings -> check "Disable KHotKeys daemon"
Menu -> System -> Administration-> Advanced -> Input Actions -> Gestures Settings -> check "Disable mouse gestures globally"

If you wish to be selective about it (this doesn't often work, however), start by disabling unnecessary desktop hotkeys.

Menu -> System -> Administration-> Advanced -> Keyboard & Mouse -> Keyboard Shortcuts

Also, you may want to deactivate linking gestures to sticky and slow keys:

Menu -> System -> Administration -> Accessibility -> Activation Gestures -> uncheck "Use gestures for activating sticky keys and slow keys"

Note: You probably will have to disable hotkeys in many applications, as well.

Hotkeys from the Synaptics Touchpad can be selectively turned off using this information from the Ubuntu documentation.

Associate default applications

Menu -> System -> Administration-> Advanced -> File Associations -> x-content -> video-dvd -> Applications Preference order -> Add...
then choose your favourite media player. There are similar options for Blu-Ray (video-bluray) and HD DVD (video-hddvd). Set each individually.
  • To assign the default player for playing mpegs (or other video formats):
Menu -> System -> Administration-> Advanced -> File Associations -> video -> mpeg -> Applications Preference order -> Add...
then choose your favourite media player. You can do this for a host of video file formats, including .wmv (x-ms-wmv, or Microsoft WMV format), .flv (x-flv, or Flash video), quicktime, and so on.
  • To assign .pls audio streams to play through Audacious:
Menu -> System -> Administration-> Advanced -> File Associations -> audio -> x-scpls -> Applications Preference order -> Move Audacious to the top (or Add... it).
Make sure *.pls appears in the Filename Patterns section.

Automatic user login

  • To accomplish this (yet still require a user password):
Menu -> System -> System Settings -> Login Manager -> Convenience -> Enable Auto-Login (ticked) -> Lock session (ticked)
-> Pre-select user: Specified: Choose primary user
  • This ought to be combined with a password-protected screensaver.

Autostart a program at bootup

Any program (or script) can be made to Autostart at bootup by creating a symbolic link to that program (or script) in the ~/.config/autostart folder.

For example, to start Firefox at bootup, create a symbolic link: 

sudo ln -s /usr/bin/firefox ~/.config/autostart

Choose Bootup/Startup services

Preventing unneeded or unwanted services from loading at startup can improve system performance.

  • Install the GTK-based Bootup-Manager: 
sudo apt-get install bum
  • Run Bootup-Manager:
Menu -> System -> Bootup-Manager

Run a script from a menu item

It is possible to place a short script in a menu item / shortcut to answer an interactive query (such as a password query). Here is an example that is used to enter a password during an SSH negotiation. First, install the utility expect: 

sudo apt-get install expect

The use a command in the Menu Item / Shortcut similar to: 

expect -c 'spawn ssh -l sshuser -L 5900:127.0.0.1:5900 remoteserver.remotedomain.org -p 22 ; expect assword ; send "sshpassword\n" ; interact'

In this example the password sshpassword is returned when the ssh program requires a password. Expect waits for some text to be displayed in the command-line terminal then returns text in return. The Menu Item must be "Run in terminal", therefore.

SHC (Encrypt scripts)

SHC is a simple script compiler that will convert a script into a binary, obscuring the code (and passwords, etc.). Usage instructions are here. Install by adding the Debian Etch repository: 

sudo add-apt-repository 'http://archive.debian.org/debian etch main'

then install the shc package: 

sudo apt-get install shc

Capture a screenshot

See this tutorial.

Customize desktop to look like KDE

In recent versions of Ubuntu, the Gnome desktop can be made to resemble the cleaner KDE desktop with some customization. (Customizations are highly personal, and this section represents preference only.)

Run a KDE 4 desktop from Ubuntu

It is possible to install the KDE4-based desktop (the default in Kubuntu) in Ubuntu. 

apt-get install kubuntu-desktop

There is a risk of software bloat and some incompatibilities between modules when doing this. At login, you can choose (as an option) whether to start the KDE (Kubuntu) desktop or the Gnome (Ubuntu) desktop. Nevertheless, when there are two modules trying to perform the same function (one from each desktop), it is possible to have conflicts.

Run a KDE 3 desktop from Ubuntu

You can also install the older KDE 3 desktop on Lucid, or almost any KDE3 application.

  • Add the following KDE 3 repositories: 
sudo add-apt-repository ppa:kde3-maintainers
  • Install KDE 3.5 desktop: 
sudo apt-get update
sudo apt-get install kubuntu-desktop-kde3
  • To install any KDE3 app, append "-kde3" suffix to package name. See Pearson Computing for additional details.

Kill (end) a process

  • There are many tricks to try to fix a frozen PC. Press Alt+F2, and use killall to end the frozen application. Example: 
sudo killall amarok
sudo killall firefox
  • In order to terminate a stuck graphical application use the xkill utility. Press Alt+F2, type xkill, and press Run. Point the cursor to the application you want to kill and press the left mouse button. This should kill the selected application. 
xkill
  • Another trick to try is pressing AltGr+SysRq+K (RightAlt+PrintScreen+K). This will log you out. But, what happens if this does not work? Try pressing Ctrl+Alt+F1,login, enter your password and run: 
sudo killall gdm
sudo startx

View hidden files

In the Nautilus file manager, press: 

Ctrl+ H

Mute notifications (alerts)

  • Notifications (alerts) can be disabled:
Menu -> System -> Preferences -> Sound -> Sound Effects -> Sound theme: -> No sounds -> Close
  • GNOME notifications (alerts) are associated with sounds by default. This can also be disabled separately:
Alt-F2 -> gconf-editor -> /apps/indicator-sound -> volume_mute (ticked)
  • Turn off login notification sound:
Menu -> System -> Preferences -> Startup Applications -> Startup Programs -> GNOME Login Sound (unticked) -> Close
-> Menu -> System -> Administration -> Login Screen -> Unlock -> Play login sound (unticked) -> Close

Random password generator

  • Pwgen is a command line utility to generate a block of random passwords. Run it from Konsole (in Kubuntu) or Terminal (in Ubuntu). Install: 
sudo apt-get install pwgen
  • Run pwgen: 
pwgen
  • UUIDgen is a default utility to generate a random UUID. Run: 
uuidgen

The random UUID can also be used as a password, if desired.

Password checker and enforcement

John the Ripper is a free open source password cracker that uses a dictionary of over 4 million commonly used passwords in many languages. Because this tool this widely available, it is useful for scanning and securing your own LAN and computers for password strength. Install: 

sudo apt-get install john
  • Passwdqc is a module to enforce password strength. Install: 
sudo apt-get install passwdqc

MD5Sum

To check the MD5 sum of a file, use this command in the command line: 

md5sum filename

Filenames with spaces

  • Filenames or folder names with spaces in them should be enclosed with parentheses (" "). For example, to change to a directory named "This Dir" or "/home/This Dir", use the command: 
cd "This Dir"
or 
cd /home/"This Dir"
  • Alternatively, a space in a filename or folder name can be preceded with a backslash. For example, to change to a directory named "This Dir" or "/home/This Dir": 
cd This\ Dir
or 
cd /home/This\ Dir

Alien

Alien is a method for converting (Red Hat) .rpm packages into (Debian) .deb packages. It is not reliable and converted packages must be tested extensively for functionality, with line changes often required. It is often more reliable to create (Debian) .deb packages from source, and even the Alien software maintainers do not recommend using Alien for important packages. To keep alien from changing the version number, use the following command 

alien -k rpm_file_name.rpm

Convert the package.rpm into a package.deb 

alien -d package-name.rpm

Convert the package.rpm into a package.deb, and install the generated package 

alien -i package-name.rpm

To convert .rpm to debian 

sudo alien -k *.rpm

Software Troubleshooting

Permissions error on program startup

If you get a permissions error, try the following: 

sudo chown -R user /home/user
Note: Replace user with the actual username. This command changes the owner of the folder /home/user to user. -R means "recursively", i.e. including all subfolders.

CD-ROM Troubleshooting

If you receive the "cdrecord has no permission to open the device" error while burning using a CD burner, open a terminal and type: 

 sudo chmod 777 /dev/scd0
Note: replace "/dev/scd0" with your own device.
Note: chmod 777 is the universal option for granting full permission to a folder. The 777 mask indicates that read, write, and execute permission is given to all users.

Licenses

Linux is largely a community of volunteers and as such represents one of the largest altruistic efforts on earth. This includes companies who decide to contribute their own software into the public domain for free use. The continued success of sharing depends on licenses that keep software free and usable for anyone who wants to use it. However, there must be a method for Linux users and developers to make money, as well. Licensing helps protect each of these efforts. See the Wikipedia Free Software Licensing article and the GNU operating system licensing page for more complete information.

GPL license

The GPLv3 license (and the Affero GPLv3 license for network-based software) intends that the software module or package is free to use in any environment, and furthermore, any software that relies on that GPLv3-licensed module must in turn also be completely free. Commercial and proprietary software packages can't use or incorporate GPLv3-licensed modules.

LGPL license

The Lesser GPL license intends that the software module or package is free to use in any environment, including in commercial and proprietary software packages. This allows companies to develop proprietary packages which includes LGPL-licensed modules, from which they can make a profit. The disadvantage is that their products (which benefit from the LGPL-licensed modules) are not required to be in the public domain in turn. (Many companies often later donate their entire package into the public domain, however, after they no longer make a profit from them.)

Apache license

The Apache license has been around a long time. It is compatible with the GPLv3 license, but, unlike the GPLv3 license, it does not require modified software to retain the Apache license. In other words, Apache-licensed software can be modified and the modified software then made proprietary (and therefore not returned to the open source community).

BSD license

The BSD license is similar to a public domain license. There are currently many confusing iterations of the BSD license, mostly regarding attribution notices and advertising that is required to be provided along with any software derivatives. The BSD license allows the option of propagation of either (otherwise-licensed) free open source restrictions or proprietary restrictions. It therefore allows a mix of (otherwise-licensed) proprietary modules and open sourced-licensed modules to co-exist in the same package. This flexibility has made the BSD license popular with complex distributions (such as the (BSD Unix-based) Mac OS X operating system, for example.

Proprietary licenses

There is a vast array of proprietary licenses, all different. You never know what your limitations for software are unless you read every word. Most are attempts by lawyers to have an opportunity to create a lawsuit in the future. Some may be called "free" licenses but have many limitations which you will not be aware of until you are in the middle of a lawsuit. No license outside of the GPLv3 license is recommended. Be careful when committing your organization to a mission-critical software package with a proprietary license. Also see this outstanding article on the Open Source Enterprise Trap.

Requests

eBook version of this guide

  • See the Books Category for free Ubuntu eBooks based on this help guide.
  • There is an option in the menu bar at the left entitled "Printable version" which formats pages for easier printing. You can print this (or any other document) to a PDF file easily. By default, Ubuntu includes a "Print to File" option from its Print menu. Use this option to print anything appearing in your browser into a PDF file. From Firefox (or any other browser or program):
File -> Print -> Print to File -> Output Format: PDF

Import this guide into another wiki

  • How do I import a copy of Ubuntuguide into my own wiki?
See this page.

Reviews

Other requested topics

Place your requests here.

  • How can I contribute?
Register and then add your suggestions directly to the wiki.

Public Service Announcement

  • In the United States, two legislative bills were drafted to shut down a large part of the Internet in that country, at the behest of attorneys for and politicians lobbied by the entertainment industry there. If you are a resident of that country, you should read this comprehensive article about SOPA and PIPA and this Stanford Law Review analysis and then write to your local legislative representative about the likely severe unintended consequences of these misguided bills. As an alternative to these bills (and in response to worldwide protests), the OPEN bill has been drafted.
  • Protecting copyrights, patents, and intellectual property is a worthwhile goal. When governments take draconian measures to enforce questionable claims of infringement and damages, however, bad things such as complete shutdown of the internet (as happened in China recently) begin to occur. Recognition of this type of problem has caused protest and examination of the EU's ACTA and Canada's C-11 Bill to ensure that interruption of the basic mechanics of the Internet does not result from the (often ill-conceived) pursuit of "pirates."


This guide is maintained at the Linux Center of the University of Latvia.
Please help test and perfect this guide. To edit pages you need to register.


Boot from a Live CD

To boot from any CD (Including LiveCDs), you must make sure that your BIOS bootup settings allow this. This is usually changed from the BIOS setup menu. The BIOS bootup menu is usually accessed during the first few seconds after powering on your computer.

The BIOS setup access key is often displayed on your screen (often it is the F2, Delete, or F10 key), depending on your BIOS. Further, most recent BIOS's allow a one-time choice of the bootup medium, so that either a CD or USB can be chosen as the bootup medium on a one-time basis (without changing the regular BIOS settings).

If the BIOS on your computer does not allow a one-time bootup-medium choice and you must change the regular BIOS settings temporarily, then enter the BIOS setup menu and hunt around for the settings for Bootup device priority (sometimes in the Advanced Setup menu). Make sure your CD/DVD optical drive is listed as the first boot device, before the hard drive.

If you intend to use a LiveUSB installation instead of a LiveCD, then set the boot order so that the USB drive is listed first, before the hard drive. (Obviously, your BIOS must allow booting from a USB drive for this option to be available.)

Once you have installed all your operating systems from the LiveCDs or LiveUSBs (or finished using other bootable LiveCDs or LiveUSBs such as GParted), you can reset the first bootup device to be the hard drive again.

After installation, most security experts then recommend restricting bootup to the hard drive only. A BIOS password should also be created so that the BIOS bootup settings cannot be changed by a casual passerby. In this manner a casual passerby will not be able to boot their own LiveCD or LiveUSB onto your computer (and thereby potentially change your computer without your permission).

Multiple OS Installation

These instructions are for installing more than two operating systems on your hard drive. If you only need two operating systems (such as a Windows installation and a (K)ubuntu Linux installation), it is easiest to just use the (K)ubuntu installer to do it for you (as detailed on the main page).

Warning: As of version 9.10 (Karmic Koala), the (K)Ubuntu Desktop edition LiveCD installer uses Grub2 (which is difficult to customize) and does not allow the specific steps needed in this tutorial. DO NOT USE the Karmic Koala Desktop edition LiveCD for installation if you have a dedicated boot partition, use more than 2 operating systems, or chainload bootloaders. The (K)ubuntu Desktop edition LiveCD installer will overwrite your Master Boot Record and you will then be forced to re-create it later. This is a flaw in the LiveCD installer of Karmic Koala. Install the Alternate CD edition instead, or even the Ubuntu Server edition (and then add the ubuntu-desktop afterwards).

Warning: During installation of 10.04 (Lucid Lynx) and later, there is an advanced option (Ready to install -> Summary -> Advanced) to choose whether to install the GRUB2 bootloader into both the partition into which the (K)Ubuntu OS is installed as well as the Master Boot Record MBR) or just to install it into the partition into which the (K)Ubuntu OS is installed (only). If your system uses a boot partition, uses multiple OS (more than 2), or chainloads bootloaders then pay careful attention during this step. For systems with boot partitions that have already been configured (and to which the Master Boot Record already refers to as the partition which contains the initial bootloader), it is best not to overwrite the MBR during any OS installation.

  • Example, from the Desktop version GUI installer, a point in the installation will be reached:
Ready to install -> Summary -> Advanced -> Device for boot loader installation: /dev/sda6

In this example, this setting will cause the GRUB2 bootloader to be installed into /dev/sda6 only (the partition into which the new (K)Ubuntu OS is being installed). The MBR (Master Boot Record) will not be changed. However, if the default setting of /dev/sda were to be chosen, GRUB2 would not only be installed into partition /dev/sda6 (into which the (K)Ubuntu OS is installed) but also the MBR (designated as /dev/sda) would be changed. The copy of GRUB2 stored in /dev/sda6 wwould then be designated by the MBR as the master bootloader for all Operating Systems on the entire computer. This is undesirable if you wish to use a master bootloader (such as Grub Legacy stored in the boot partition) instead of GRUB2.

Introduction

The method described here involves creating a small boot partition in which to store a set of Grub bootloader configuration files. (These files will be created during the first Ubuntu Linux OS installation and then copied to the boot partition where they can subsequently be edited.) The initial Grub menu will always be kept in this small boot partition. Each operating system will then keep its own set of bootloader configuration files within its own partition. The Grub menu residing in the boot partition will be only be used to chainload the specific bootloader files stored in the partition of whichever operating system is chosen from the menu (no matter whether the chosen operating system is a Windows, Mac, (K)ubuntu, or other Linux operating system).

Each operating system can therefore use the bootloader/configuration file that is peculiar to it, storing it in its own partition. If the kernel, filesystem, or even the bootloader files for that operating system changes (within its own partition) for any reason, it will not affect the kernel, filesystem, or bootloader files of the operating systems stored in the other partitions. It will also not affect the primary bootup menu (stored in the boot partition), and each operating system will be able keep its own independent bootup process intact.

This avoids a common problem with many operating system installers (including Ubuntu) which attempt to impose a single bootloader on all the operating systems residing on a hard drive. The installer overwrites the Master Boot Record so that it only points to the bootloader installed with that operating system (within that operating system's partition). When this happens, the bootloader files can only be edited while running that particular operating system and cannot be adjusted by any other operating system. Further, after this happens several times (following multiple OS installations), it eventually becomes difficult to remember which partition has the bootloader configuration files that the Master Boot Record points to. With the chainloading method, you don't have to worry about that, any longer. The Master Boot Record will be set to point to the bootloader configuration files stored in the boot partition at all times. Once this is set up, the Master Boot Record need never be changed.

Here is some info about this method:

Using Grub Legacy for the boot partition

This method uses Grub Legacy as the bootloader to be installed to the boot partition (because it is the easiest to customize). Starting with Karmic Koala 9.10, however, Ubuntu/Kubuntu uses Grub 2 (instead of Grub Legacy) by default.

  • An easy and fast method is to use an Ubuntu Server edition 9.04 LiveCD (which uses Grub Legacy) to install the first instance of Ubuntu Linux (and Grub Legacy). Use the minimal install (i.e. don't install any extra packages), in the interest of speed. Proceed with the installation instructions that install Grub to the Master Boot Record, as well as installing a second copy of Grub Legacy to the local partition. Then copy the Grub Legacy settings to the boot partition as described. Edit the Grub Legacy menu settings stored in the boot partition so that chainloading to each planned partition is enabled.
Once this is finished, re-install a newer version of Ubuntu/Kubuntu to the same partition (overwriting the 9.04 server version). However, this time do not allow the new installation process to overwrite the Master Boot Record. (We want the Master Boot Record always to use Grub Legacy, not Grub2.) Install Grub2 (this time) to the local partition only. This method is described in further detail below.
  • A second method involves installing (K)Ubuntu completely (using the LiveCD installer), then removing Grub2 from the (K)Ubuntu partition. Grub Legacy is then temporarily installed in its place and copied to the boot partition. The Master Boot Record is set to refer to this copy of Grub Legacy stored in the boot partition. After this has been done, Grub Legacy is then removed from the (K)Ubuntu installation (but left in place in the boot partition) and Grub2 re-installed in the (K)Ubuntu partition's /boot directory once again. This method is described in further detail here.
  • Now the Master Boot Record will always use Grub Legacy (stored in the boot partition) merely as a chainloader to each subsequent partition, where that chosen partition's particular bootloader will be run directly from within the partition (no matter if it is a Windows partition's bootloader, a (K)Ubuntu partition's bootloader (e.g. Grub2), or a Mac partition's bootloader).

Partition design

Three primary partitions and one extended partition are allowed on your hard drive. The extended partition can be divided into a very large number of logical partitions. Each Windows installation will need to be installed on a primary partition. All the Linux (including Ubuntu/Kubuntu) installations, though, can (and should) exist in logical partitions, so you can have as many as you want. The swap partition, also, can (and should) live on a logical partition.

The easiest way to do this is to use the GParted Live CD as a partition manager, or using the GParted application directly from the Ubuntu LiveCD (Menu -> System -> Administration -> GParted) or KDE Partition Manager from newer versions of the Kubuntu LiveCD.

  • At the minimum you will need:
  • one primary partition for each Windows OS
  • an extra small primary partition (which can be resized later, in case is needed). If a Windows boot partition exists as a second NTFS partition, it should be left alone. If there is a Windows recovery partition also installed, it can also be left alone as long as there are only two NTFS partitions total on the hard drive (i.e. there is no NTFS boot partition as well). If there are a total of 3 NTFS partitions on the hard drive, then the third Windows NTFS partition (the recovery partition) should be removed after creating Recovery CDs from it (see here).
  • one primary partition for the small boot partition (for storing a set of GRUB files)
  • an extended partition for the Linux OSs (should be the last partition on the hard drive)
  • In general I make:
  • my Windows partition 20 - 30 Gb -- filesystem type NTFS (or can even be FAT32) and with the boot flag checked
  • my "extra" partition 2 Gb -- which I tend to format as filesystem FAT32 (but can be anything, including ext3). If this is a Windows boot (or recovery) partition, it can be left unchanged.
  • my Grub partition 50 - 100 Mb -- formatted to filesystem type ext3
  • the extended partition is the remainder
  • At the end of the hard drive I usually leave a few Gb of free space (to allow for extra logical partition needs that I have not foreseen). This can't be done unless the extended partition is the last partition.
  • I then divide the extended partition into logical partitions:
  • a /swap logical partition that is 2 Gb -- filesystem type linux-swap
  • a logical partition for the / (root) folder of each planned OS (at least 10 Gb each, but 20-50 Gb is better) -- formatted as ext3 (or ext4 if you are planning to use a newer Linux OS)
  • optionally, a logical partition for each specific use, such as for a groupware partition (like Kolab, for example). I make this about 20 Gb and format it as ext3, since most specific uses (like Kolab) will be comfortable with ext3. Another example is creating a partition for the /home directory.

Note: If you are re-arranging (re-partitioning and re-formatting) your hard drive after already having a Grub bootloader installed, you will not be able to boot into Windows (or anything else) until you re-install Grub as part of a Linux OS re-installation. Panic not. Just proceed in a calm and orderly fashion.

Windows partitions

It is easiest if your Windows partition is the first one installed. This is because the Windows bootloader looks for Windows in the first partition. Also, Windows installers are unpredictable and can overwrite anything that is already installed on the hard drive.

If you have a brand new computer with no OS pre-installed, partitioning and OS installation is much easier. Create all your partitions before installing Windows. Make the first partition NTFS (or the less secure FAT32, if you wish), intending it for the Windows installation. Then divide the remainder of the hard drive (using GParted) using the partitioning scheme outlined above.

Generally, a retail "boxed" version of Windows (instead of an OEM or "backup" copy) installs quite happily to the first pre-configured, pre-sized partition. Go ahead and install it there, then skip on ahead to installing the Linux OSs.

However, OEM and "backup" copies of Windows often have installation peculiarities (including pre-configured spamware, spyware, and specific hardware configurations) that will want to use the entire hard drive. Oh well, if you must, you must.

After doing so, you will then have to shrink the partition down to approximately 20-30 Gb (or your desired size).

Changing Windows partition sizes

Using Shrink Volume on Vista and Windows 7

Make sure you heed the warnings that you should change the size of Windows Vista and Windows 7 partitions from within Windows only (using Settings -> Control Panel -> Administrative Tools -> Computer Management -> Storage -> Disk Management -> Shrink Volume), or using specific Windows tools made exclusively for this purpose.

Unlike Windows XP (and earlier Windows versions), Vista and Windows 7 does not allow you to move the MFT (Master File Table) that controls the NTFS file structure. Inexplicably, Microsoft locates this near the middle (or end) of the partition, somewhat limiting the ability to resize (shrink) the partition completely. You will be able to gain some hard drive from the "Shrink Volume" command (under Settings -> Control Panel -> Administrative Tools -> Computer Management -> Storage -> Disk Management), but not all of of the hard drive. I knew of no partition software that could move the MFT to a different place on the hard drive safely, but this tutorial suggested that Perfect Disk worked for this purpose. I therefore tried the trial version of Perfect Disk, and it seemed to work for me very nicely. I was able to shrink my Vista partition, using the steps in the tutorial (and Perfect Disk), from 300 Gb to 74 Gb. This was perfect for me.

You must then reboot those Windows OSs (once or twice) to allow them to adjust themselves to the partition size change (before using GParted for any other tasks). I have ruined several Windows installations by using GParted to resize the partitions for Windows Vista and Windows 7, or by forgetting to reboot Windows prior to using GParted. During these reboots, the Windows bootloader stores information about the changed partition size in its configuration file. If it doesn't have the chance to do this, the Windows bootloader will no longer work properly, and you will not be able to boot Windows.

Reinstalling Vista or Windows 7 on a new partition

A popular way to regain a significant amount of your hard drive with Vista/Windows 7 is to first re-format and re-partition the hard drive, and then re-install Vista/Windows 7 afterwards. When this works, you can reinstall Vista/Windows 7 in as little as 30 Gb.

Using Windows Recovery Disks

For a Windows re-installation, you will either need a retail version of Windows or a "Recovery" disk provided by your OEM (computer) manufacturer. The "Recovery" disk must allow Windows re-installation to a partition of any size. (Some recovery disks only allow re-installation to the entire hard drive).

My eMachines, Dell, and Toshiba Recovery disks, for example, allowed re-installation to any size partition, but my HP Recovery Disks did not. The HP Recovery Disk erased the entire hard drive (and all the data on it) and re-created a single Windows partition. All partitions (and the data in them) were destroyed in the process. (I therefore do not recommend using HP Recovery disks for this method. For HP computers with a Recovery Disk, use the shrink volume method outlined above, instead).

Physical Recovery Disks are not always shipped with a new computer. For example, my eMachines box instead provided a utility (eMachines -> eMachines Recovery Management) to create (burn) a pair of Recovery DVDs using data stored on an image in a recovery partition. If your OEM manufacturer gives you a similar option of burning Recovery disks (instead of supplying Recovery CD/DVDs with your computer), make sure you burn these disks prior to reformatting/repartitioning your hard drive. If your hard drive becomes corrupted during the re-partitioning process and you haven't created Recovery Disks, it will be too late.

Once the Recovery Disks are burned, it is no longer necessary to keep the recovery partition (and Windows can be re-installed without it).

As outlined in my partitioning scheme, I reserved the first primary partition for Windows. This can either be left as free space at the beginning of the drive (to be formatted as NTFS by the Windows installer later), or it can be formatted (by GParted, for example) as an NTFS partition with the boot flag set. I left 60 Gb for this first primary partition area (although 40 Gb is probably more than enough, since my Vista re-install occupied only 22 Gb). The Windows Recovery disk was able to re-install Windows no matter which method I used. Since this was really a "new" install, I didn't have to worry about the MFT table location problem, which was placed by the Windows installer within the new partition without any difficulty.

Obviously, to completely re-install an operating system if you have been using your computer a long time would entail an awful lot of work. You would have to back up all your data files first, re-install all your programs after re-installing the operating system, and then restore the data files you had backed up. I wouldn't want to do this on anything but a new computer.

Windows XP (or earlier)

You can use GParted to resize a Windows XP partition directly (without needing re-installation), but it is still best to reboot Windows XP twice after resizing its partition (before taking any other steps with GParted). Review this tutorial's section "Making Shrink Volume Work." Although Windows XP does not have a shrink volume utility, to resize the partition using GParted, these steps must be taken anyway. Specifically:

  • Use the Disk Cleanup Wizard to remove unnecessary files.
  • Uninstall "deadwood" programs and unneeded/unwanted Windows Components (using Control Panel -> Add/Remove programs).
  • Disable System Restore (Control Panel -> System -> System Restore -> Turn off System Restore on all drives)
  • Disable the page file (Control Panel -> System -> Advanced -> Performance:Settings -> Advanced -> Virtual memory:Change -> No paging file (ticked) -> Set)
  • Disable debugging (Control Panel -> System -> Advanced -> Startup and Recovery:Settings -> Write debugging information: (none) )
  • Disable Hibernation (Control panel -> Power Options -> Hibernate -> Enable hibernation (unticked) )

then reboot once (which will erase the C:\pagefile.sys file). Defragment the hard drive. Then log off Windows and start GParted. Now you will be able to shrink the XP partition.

  • After resizing the NTFS Windows partition, quit GParted and log into Windows again. Chkdsk will be run automatically and the computer will reboot. Login to a user account in Windows. It will prompt you to reinstall new hardware (the resized partition). Accept. Now turn back on the services turned off in the steps listed above, in reverse order. To be safe, log off Windows and log in one extra time. Now you are finished resizing the Windows XP partition and can proceed to other disk manipulations with GParted (or other activities such as installing (K)Ubuntu).

Windows bootloaders

The Windows bootloader stores information about how big the partitions on the hard drive are. If you change a partition size, Windows checks the new partition size at the very next reboot (using either chkdsk in XP or a new utility in Vista/Windows 7). It then writes that info to its bootloader configuration file. If you start mucking around with other partitions before it has a chance to record the changes and reset itself accordingly, the Windows bootloader will not be able to read the partition table properly (and will then refuse to boot entirely).

Since Grub boots Windows merely by chainloading the Windows bootloader, if the Windows bootloader doesn't work (i.e. doesn't recognize its own changed partition), then you are sunk.

If you ignore these warnings, I almost guarantee you will fry your Windows partitioning scheme and be unable to boot up Windows.

Install your first Linux OS

  • Install Ubuntu server -> (the usual pleasantries about language and mice and keyboards and stuff)

-> "Starting up the partitioner" -> Partition Disks: Manual

  • When you see the list of partitions, you will have to configure them manually.
  • You should note the small (50-100 Mb) boot partition that was previously created for use as the partition for the Grub chainloader files. In my example it is /dev/sda3. Make a note of what yours is named.
  • Configure the swap partition.
  • This shouldn't need configuring if you set it up properly with GParted.
  • You can make sure that Use as: swap area is set.
  • Configure the root partition for the OS. Choose one of your logical partitions, which in my scheme is #6, is ext3, and has about 30 Gb.
  • Use as: Ext3 journaling file system.
  • Format the partition: Yes, format it
  • Mount point: / - the root file system
  • Bootable flag: off
Note: You should write down which device this / (root) partition is on. You will need this information later for Grub settings. On mine, it is /dev/sda6.

-> Finish partitioning and write changes to disk -> "Installing the base system" -> ... ->

->"Install the Grub boot loader to the master boot record?": YES -> Continue

  • In this step, Grub must be installed both on the MBR (master boot record) as well as locally on the partition being installed (in this example /dev/sda6). The local version will be chainloaded by the MBR version. Therefore, install Grub a second time:

-> Go Back -> Install the Grub boot loader on a hard disk -> "Install the Grub boot loader to the master boot record?": NO -> Device for boot loader installation: /dev/sda6 -> Continue

Copy boot files to the small Grub partition

  • Boot into your newly-installed Ubuntu 9.04 OS. Open a command-line terminal (if you have installed a desktop).
  • Make a new directory and mount it in your new Ubuntu OS. 
sudo mkdir /media/GRUBpartition
sudo mount /dev/sda3 -t ext3 /media/GRUBpartition
sudo mkdir /media/GRUBpartition/boot
sudo mkdir /media/GRUBpartition/boot/grub
Note: Use whatever the device name of your small Grub partition is (mine is /dev/sda3)
  • Make sure there are full read/write write permissions (this step may be optional). 
sudo chmod 777 /media/GRUBpartition/boot/grub
  • Copy all your grub files to the new partition 
sudo cp -r /boot/grub/* /media/GRUBpartition/boot/grub
  • Edit the menu.lst 
sudo nano /media/GRUBpartition/boot/grub/menu.lst
  • Place a chainloader entry as the first entry: 
## ## End Default Options ##
title  First (K)ubuntu OS (chainloader)
rootnoverify	(hd0,5)
chainloader	+1

title Second (K)ubuntu OS (chainloader)
rootnoverify   (hd0,6)
chainloader    +1

This assumes your first installed OS has its / (root) directory in /dev/hda6 (as in my example above). Grub Legacy counts the first partition as 0, so sda6 becomes (hd0,5), or hard drive 1 (it starts counting at zero), partition 6). If you want to chainload a bootloader on a second hard drive, partition 4 (/dev/sdb4), you would specify (hd1,3), instead, for example.

(I also put it an entry for my second planned OS, even though I haven't installed it yet. That will save me time later. For more examples, see this section.)

  • Return the permissions so that only root can change or execute the files: 
sudo chmod 744 /media/GRUBpartition/boot/grub
sudo chmod 744 /media/GRUBpartition/boot/grub/*

Reinstall Grub to MBR

Now that the files are copied, we need to tell Grub Legacy to look for them there. Do this step from your Ubuntu 9.04 OS command-line terminal.

  • Start Grub Legacy: 
sudo grub
grub> find /boot/grub/stage1

You should see the places there are grub configuration files. 

(hd0,2)
(hd0,5)

Note that (hd0,2) corresponds to the small Grub partition (/dev/sda3), according to the counting method outline above. (hd0,5) corresponds to your first Linux OS (in the example /dev/sda6).

  • Make the small Grub partition the loadable Grub location. 
grub> root (hd0,2)
grub> setup (hd0)
grub> quit

Install your second Linux OS

Again I'm going to use (K)ubuntu for the example, although any OS can now be installed.

  • Reboot into an Ubuntu LiveCD (I recommend a Server or Alternate edition, because some Desktop editions overwrite the Master Boot Record automatically, which is not at all desirable at this stage).
  • Install Ubuntu server -> (the usual pleasantries about language and mice and keyboards and stuff)

--> "Starting up the partitioner" -> Partition Disks: Manual

  • When you see the list of partitions, you will have to configure them manually.
  • Configure the swap partition.
  • This shouldn't need configuring if you set it up properly with GParted.
  • You can make sure that Use as: swap area is set.
  • Configure the root partition for the OS. Choose one of your logical partitions, which in my scheme is #7, is ext4, and has about 30 Gb.
  • Use as: Ext4 journaling file system.
  • Format the partition: Yes, format it
  • Mount point: / - the root file system
  • Bootable flag: off
Note: You should write down which device the / (root) partition is on. You will need this information later for Grub settings. On mine, it is /dev/sda7.

-> Finish partitioning and write changes to disk. (It is OK to format the swap and / (root) partitions.) -> "Installing the base system" -> ... ->

  • "Installing Grub boot loader" ->
  • "Install the Grub boot loader to the master boot record?": NO
  • "Install the Grub boot loader on a hard disk": /dev/sda7
Use whichever device that corresponds to your / (root) directory for this OS, of course.
This ensures that the Grub bootloader is installed to this OS's partition, as well.
  • Finish installation and reboot. This system ought to be selected as the Second Ubuntu OS, obviously.
  • Note: Once you have booted into this OS, you can now edit the chainloaded GRUB bootloader's local settings for this OS (at /boot/grub/menu.lst or /etc/default/grub) as usual, as you can for the first installed OS as well.

Changing main Grub boot menu settings

  • You can edit the local (chainloaded) Grub boot menu for each Linux OS that uses Grub Legacy (within the partition in which it is installed), if desired: 
sudo nano /boot/grub/menu.lst
(kate can be used instead of nano as the text editor in Kubuntu, or gedit instead of nano in Ubuntu.)
  • You can edit the local (chainloaded) Grub boot menu for each Linux OS that uses Grub2 (within the partition in which it is installed), if desired (see these instructions): 
sudo nano /etc/default/grub
sudo grub-mkconfig --output=/boot/grub/grub.cfg
  • To change the main Grub boot menu, you will have to change the menu.lst found on the small Grub boot partition.
  • If you are doing this from a Linux OS other than the first one you installed, again make a new directory for mounting: 
sudo mkdir /media/GRUBpartition
  • Mount the directory 
sudo mount /dev/sda3 -t ext3 /media/GRUBpartition
Note: Use whatever the device name of your small Grub partition is (mine is /dev/sda3)
  • Make sure there are full read/write write permissions (optional). 
sudo chmod 777 /media/GRUBpartition/boot/grub/menu.lst
  • Edit the menu.lst 
sudo nano /media/GRUBpartition/boot/grub/menu.lst
  • Edit or add new chainloader entries: 
## ## End Default Options ##
title  First (K)ubuntu OS (chainloader)
rootnoverify	(hd0,5)
chainloader	+1

title Second (K)ubuntu OS (chainloader)
rootnoverify   (hd0,6)
chainloader    +1

title Newest Whizbang OS on second hard drive, partition 4 (chainloader)
rootnoverify   (hd1, 3)
chainloader    +1
Grub starts counting from 0, so the first hard drive is number 0 and the first partition is also number 0. sda6 (which is hard drive 1, partition 6) becomes (hd0,5). If you want to chainload a bootloader on a second hard drive, partition 4 (/dev/sdb4), you would specify (hd1,3).
  • For (K)Ubuntu 10.04 or later, the menu item for chainloading should be (if the OS is in /dev/sda7): 
title Second (K)ubuntu OS (chainloader)
rootnoverify   (hd0,6)
kernel         /boot/grub/core.img
  • Return the permissions so that only root can change or execute the files (optional): 
sudo chmod 744 /media/GRUBpartition/boot/grub/menu.lst

Using UUIDs for the main Grub bootloader menu

Although newer bootloader configurations specify partitions using their UUID designation (instead of using the (hd0,x) designation), this is problematic for the primary Grub bootloader. In current OS installation paradigms, when an operating system is re-installed within a partition, the UUID of that partition is simultaneously changed by the installer. If the primary Grub bootloader were to reference a partition by its UUID instead of by its position on the drive, (i.e. (hd0,x)), the primary Grub bootloader would no longer be able to find the partition whenever a new operating system was installed within it (and its UUID simultaneously changed).

For this reason, the primary Grub bootloader in the /boot partition should always use the rootnoverify (hd0,x) (instead of UUIDs) nomenclature to identify partitions.

Add MacOSX entry

You can add a chainloader entry for a MAC OS that you might have installed on its own partition (installed with its own bootloader on the partition). Here's the entry for a MAC that is on partition /dev/sda9 (equivalent to (hd0,8): 

title Mac OS X
root (hd0,8)
makeactive
chainloader +1

Re-installing Grub Legacy after Windows upgrade or re-installation

Windows installations, re-installations, and upgrades rewrite the Master Boot Record so that it points to the Windows bootloader only (instead of to the copy of Grub in the boot partition). The Master Boot Record must therefore be re-written so that it will again point to the copy of Grub stored in your boot partition.

For this example, assume the boot partition is the /dev/sda3 partition (which is known as (hd0,2) to Grub Legacy).

You must use a version of a LiveCD that has Grub Legacy, i.e. Kubuntu/Ubuntu 9.04 (Jaunty) or earlier. Start the LiveCD and start a command-line terminal (Terminal in Ubuntu or Konsole in Kubuntu). From the command-line terminal start grub: 

sudo grub

Then enter the commands to restore the Master Boot Record to point to the boot partition at /dev/sda3: 

> root (hd0,2)
> setup (hd0)
> quit

Then reboot. Your previously created Grub bootup-menu options should again appear.

Other chainloader options

In Grub Legacy it is possible to specify the root of the partition to be chainloaded using a UUID instead of the hd(0,x) notation. If you do not know the UUID for the partition to be chainloaded, it can be discovered using: 

sudo blkid

Replace the 

root (hd0,6)

entry in the /boot/grub/menu.lst file (of the primary /boot partition)

with 

uuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

where xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx represents the actual UUID of the partition to be chainloaded.

  • Example:
Replace the lines (in the /boot/grub/menu.lst file) 
root (hd0,9)
chainloader +1
with the lines 
uuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
chainloader +1

This method works no matter which operating system is to be chainloaded. It will not work, however, for the operating system stored in (hd0,9) due to a quirk (see below).

Will it work for bootable devices (such as USB flashdrives) that have a UUID? I don't know -- I haven't tried it yet!

  • This next method will only work when the operating system in the chainloaded partition uses Grub Legacy (and has a local /boot/grub/menu.lst stored within the partition):
Replace the lines (in /boot/grub/menu.lst) 
root (hd0,9)
configfile /boot/grub/menu.lst
with the lines 
uuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
configfile /boot/grub/menu.lst

Chainloading Grub2 from Grub Legacy

  • Grub2 is erratic. I no longer chainload it. Instead, it is possible to bypass Grub2 entirely and load an OS directly using Grub Legacy (stored in a boot partition, for example) using an entry in menu.lst of the format: 
title Kubuntu Oneiric OS (chainloader)
rootnoverify (hd0,6)
kernel /vmlinuz root=/dev/sda7 ro
initrd /initrd.img
  • My old method for chainloading Grub2 (installed in this example in the /dev/sda7 partition) from Grub Legacy used an entry in the Grub Legacy configuration file (/boot/grub/menu.lst, stored in the standalone boot partition with the Grub Legacy files) with this format: 
title (K)Ubuntu Oneiric OS (chainloader)
rootnoverify (hd0,6)
kernel /boot/grub/core.img

The (hd0,9) problem

Grub Legacy has a quirk -- it does not like to chainload (hd0,9) using the command chainloader +1. (Something about 9 + 1 = 10 requiring an extra digit, or something.)

Most people don't have more than 2 or 3 operating systems on their computer so it is usually not an issue. Here at Ubuntuguide, however, we chainload as many as 10 different OS on every machine (not including virtual machines).

If the operating system in a chainloaded partition happens to use Grub Legacy (and therefore uses /boot/grub/menu.lst locally), the alternative to 

chainloader +1

is to use the command 

configfile (hd0,9)/boot/grub/menu.lst

(This can be used for any partition in which the chainloaded operating system uses Grub Legacy, not just (hd0,9). It will not work, however, if the chainloaded operating system uses Grub2.)

This can alternatively be specified as 

rootnoverify (hd0,9)
/boot/grub/menu.lst
  • It is also possible to chainload by specifying the UUID for the chainloaded partition (hd0,9): 
uuid xxxxx-xxxx-xxxx-xxxx-xxxxx
/boot/grub/menu.lst

Of course, you must find out the UUID for (hd0,9) first: 

sudo blkid

Protecting Grub Legacy from cracking

Manipulating partitions on the hard drive

Most users that have multiple operating systems eventually choose to delete, resize, or re-arrange the partitions containing the operating systems. This can become an anxiety-producing task especially when it comes to ensuring subsequent bootup capabilities.

For techniques to accomplish this successfully (for systems that have been configured according to the guidelines above), see:

Manipulating Partitions

Most users that have multiple operating systems eventually choose to delete, resize, or re-arrange the partitions containing the operating systems. This can become an anxiety-producing task especially when it comes to ensuring subsequent bootup capabilities.

Use the (K)Ubuntu Desktop LiveCD

There are several tools that are required to accomplish partition-manipulation tasks, including GParted, KDE Partition Manager from newer versions of the Kubuntu LiveCD, and several Linux commands accomplished from within a Linux command-line terminal. The SystemRescueCD (which has been a preferred tool for many years) has all the required tools (and more), but uses as its operating system Gentoo Linux instead of Ubuntu Linux (so it may be less familiar to many (K)Ubuntu users). The Ubuntu Desktop LiveCD (32-bit regular version, Lucid 10.04LTS or later) can be used instead of SystemRescueCD for most hard disk manipulation tasks, and already has GParted included on it. (Kubuntu LiveCDs, Natty 11.04 or later, have KDE Partition Manager, which works almost identically to GParted.)

  • Download and burn onto CD/DVD a copy of the Ubuntu Desktop LiveCD (32-bit regular version, Lucid 10.04LTS or later) or Kubuntu Desktop LiveCD (Natty 11.04 or later).
  • Boot into the (K)Ubuntu Desktop LiveCD and start it with the "Try (K)Ubuntu" option (not the "Install" option).

Use GParted to manage partitions

(Note: These instructions can be accomplished in a similar fashion using the KDE Partition Manager from newer versions of the Kubuntu LiveCD as well.)

  • Start GParted from the Ubuntu Desktop LiveCD:
Menu -> System -> Administration -> GParted
  • A graphical display of all the partitions on your hard disk will be shown. If you have two hard disks on your system, they generally are referenced as /dev/sda and /dev/sdb (or sometimes /dev/hda and /dev/hdb). GParted works with only one hard disk at a time. To select which hard disk to work with, choose:
GParted menu -> Devices
  • Working with GParted is relatively intuitive. However, it is very easy to irreparably damage your system by undertaking changes without a thorough knowledge of partitions. It is highly recommended to read this article about multiple operating systems for an overview. Specifically heed the warnings about using GParted to change any NTFS partition on which a Windows OS systems resides. Windows has quirks and peculiarities about its OS partition that is better managed with Windows-specific tools. (NTFS partitions that do not have a Windows OS on them, however, can be managed with GParted.)
  • It is especially important to recognize that deleting or adding a partition will change the partition numbering scheme (and other partition characteristics) on the hard drive. This is the major consideration in reorganizing your hard drive. Bootloaders find and load operating systems based on their partition location, specified by the partition number on the disk or by a UUID associated with the partition, both of which can change when creating, changing, or deleting partitions.
  • GParted only allows changes to partitions that are subsequent to any locked partitions on a hard drive (locked partitions are designated in GParted with a key icon.) For this reason, it is best to have any partitions that are rarely likely to change and/or likely to be locked (e.g. boot partitions, the linux-swap partition, and Windows partitions that won't be manipulated) closer to the beginning of the hard drive and to locate Linux partitions that will be manipulated the most towards the end of the hard drive.
  • In general, the least problems occur when a test or temporary partition is the last one on the hard drive. Adding, deleting, or changing the last partition on a hard disk does not affect any of the preceding partitions, so it is the least troublesome. Whenever possible, relegate a temporary or test partition (and its operating system) to be the last partition of the hard drive.
  • Write down the details of all the partitions displayed in GParted on some scratch paper, and note any changes that are made by GParted as they are made. In specific, when GParted changes the designation of a partition (from /dev/sda8 to /dev/sda7, for example), note this carefully, as this information becomes critical later in changing bootloader settings.

One linux-swap partition per computer

  • Only one linux-swap partition is required for computers that will run only one operating system at a time. (This does not apply to the special case of virtual machines, but virtual machines do not use conventional partitions anyway. Virtual machines are not viewed by a computer as independent operating systems but instead are viewed as applications running within the primary operating system). If already present on a hard drive, the linux-swap partition is used by the Ubuntu LiveCD and therefore locked in GParted. If changes need to be made to the linux-swap partition itself, therefore, use the GParted LiveCD or SystemRescueCD instead of the Ubuntu LiveCD (and run GParted from one of them).
  • When installing, updating, re-arranging, or otherwise any Linux operating system, it is not necessary to alter the linux-swap partition in any way. The linux-swap partition is used by all Linux operating systems and is not peculiar to any Linux distribution. There is no need to recreate it, reformat it, nor change it in any way (except perhaps its size, which is ideally 2 Gb).

Creating and "moving" free space

There are two places free space ("unallocated space") can exist: within the extended partition (assuming that one exists) and on the hard disk outside the extended partition. Moving the free space so that it is inside or outside the extended partition is a skill that must be mastered in order to successfully manage partitions.

  • When free space exists outside the extended partition, it can be used to create or increase the size of any primary partition or the extended partition itself.
  • When free space exists within the extended partition, it can be used to create or increase the size of any logical partition within the extended partition.

In addition, the position of free space determines how it can be used. Free space can only be added to an existing partition if it is next to ("touching") that partition.

Free space can not itself be moved, however. Only partitions can be moved. "Moving free space" really means that partitions themselves must be moved in such a way that the free space "ends up" being in the desired location.

  • Free space can only be created by deleting or shrinking an existing partition. This is the critical decision in manipulating partitions. Which partition can be shrunk or deleted safely? (Again, be very careful not to shrink any partition with a Windows OS on it using Gparted.)

Creating or resizing a partition

GParted can create many types of partitions, including ext4, ext3, NTFS, and FAT32, which is the majority of partition types that most users will create. It can resize any of these types of partitions as well. However, resizing an NTFS partition that contains a Windows OS within it may cause problems with the Windows OS itself. (All NTFS and FAT32 partitions should also be defragmented before resizing.)

  • The most important decision will be whether a new partition will be a primary partition (to be used for a Windows operating system, for a Windows boot partition, or for a Grub Legacy boot partition), an extended partition (of which there can only be one per hard drive), or a logical partition that resides within a pre-existing extended partition. All Linux partitions can be in logical partitions.
  • To create or increase the size of a logical partition within the extended partition, the extended partition itself must already be big enough to accommodate the new logical partition or its new size. To increase the size of the extended partition itself, there must be free space available outside the extended partition and contiguous to it ("touching" it). This requires manipulating the exsting partitions (by moving them and/or shrinking them) until the free space is in the necessary position. Once the free space is contiguous with (and outside) the extended partition, the size of the extended partition can be increased. This will have the effect of moving the free space into the extended partition.
  • Once the free space is within the extended partition, it can be used to create or increase the size of a logical partition. To increase the size of a logical partition, the free space must be contiguous to (i.e. "touching") that logical partition by rearranging the positions of the existing logical partitions within the extended partition.

Changing Grub Legacy in a boot partition

When partitions have been moved, added, or deleted, the position and designation of all partitions on a hard drive may change. For example, if the /dev/sda7 partition is deleted, a partition that previously was designated as /dev/sda8 will now become /dev/sda7.

Grub Legacy (sometimes used in a freestanding boot partition) often boots operating systems by referring to the partition (in which the OS is located) by its position on the hard drive. In Grub Legacy, the position /dev/sda7 is referred to as (hd0,6), for example, and /dev/sdb2 is referred to as (hd1,1).

After manipulating partitions on a hard disk, therefore, the main Grub Legacy menu.lst (that resides on the boot partition) needs to be edited. This can be done by starting a command-line terminal from the Ubuntu LiveCD:

Menu -> Applications -> Accessories -> Terminal

Then follow the instructions here.

Changing Grub2 in a changed partition

Note: This section is being edited.

The hardest thing to do is to change Grub or Grub Legacy that exists within a partition that has been changed or moved. If that partition uses Grub2, then the Grub2 bootloader within that partition can be reconstructed using the Ubuntu LiveCD and then stored within that partition once again.

For example, if a (K)Ubuntu operating system (Karmic 9.10 or later) has been moved from /dev/sda8 and now resides at /dev/sda7, Grub2 can be reinstalled on that partition for the (K)Ubuntu operating system there using the Ubuntu LiveCD. Open the command-line terminal from the Ubuntu LiveCD:

Menu -> Applications -> Accessories -> Terminal

and use the command: 

sudo grub-install /dev/sda7

Booting (K)Ubuntu manually from Grub Legacy

When a partition has been changed whose operating system contains a Grub2 bootloader, the Grub2 bootloader might no longer function. If, however, a Grub Legacy bootloader has been previously installed in its own boot partition on the system (as is recommended here), the Grub Legacy bootloader can be used to manually boot the operating system. (Once the operating system has been manually booted, Grub2 can then be reconstructed from within the running OS.)

  • Reboot the computer without using the Ubuntu LiveCD. When the Grub Legacy menu appears, enter the Grub Legacy command line (using the command c ):

In newer versions of (K)Ubuntu there are symbolic links to the current kernel files, so the following commands can be entered at the grub prompt (the example assumes the OS is in the partition at /dev/sda7): 

grub> root (hd0,6)
grub> kernel /vmlinuz root=/dev/sda7 ro
grub> initrd /initrd.img
grub> boot

In newer versions of (K)Ubuntu, the following commands can also be used (if the core.img has not been changed during updates): 

grub> root (hd0,6)
grub> kernel /boot/grub/core.img
grub> boot
  • Once the OS has successfully booted, the Grub2 bootloader within it can be reconstructed using the instructions here.

Discovering the current kernel files manually

In older versions of (K)Ubuntu, symbolic links were not included to the current kernel files. For those versions, the kernel files must be discovered and then entered into the Grub Legacy command line manually.

  • Discover the current kernel used by the OS. Using the Ubuntu LiveCD, open a command-line Terminal:
Menu -> Applications -> Accessories -> Terminal

If the designation of the partition is currently /dev/sda7, create a mount point for the partition. Use ext4 if the partition uses an ext4 filesystem or ext3 if it uses an ext3 filesystem. If you are unsure about the partition's filesystem type or designation, use GParted from the Ubuntu LiveCD to find out. 

sudo mkdir /media/sda7
sudo mount -t ext4 /dev/sda7 /media/sda7
cd /media/sda7/boot
ls

Write down the most recent vmlinuz and initrd files listed there. As an example, the latest files may be vmlinuz-2.6.32-21-generic and initrd.img-2.6.32-21-generic

  • Reboot the system and at the Grub Legacy menu, enter the Grub Legacy command line (using the command c ). then enter the commands at the grub prompt: 
grub> root (hd0,6)
grub> kernel /boot/vmlinuz-2.6.32-21-generic root=/dev/sda7 ro
grub> initrd /boot/initrd.img-2.6.32-21-generic
grub> boot
  • Once the operating system has successfully booted, Grub2 can be reconfigured using the instructions here.

Changing Grub Legacy in a changed partition

Generally, only versions of (K)Ubuntu prior to Karmic use Grub Legacy by default. (Only Hardy and Dapper are still supported.) The local Grub Legacy menu.lst of one of these versions must be edited manually, using the instructions here.


Virtualbox in Windows

Virtualbox (by Sun) has some advantages and disadvantages. There is a free proprietary edition as well as a subscription-based enterprise edition. The free edition only allows usage of a 32-bit operating system (as the guest OS) whereas the subscription edition allows a 64-bit guest OS. (Both require registration.) There is also has a free open source edition, but this is not easy to install in Windows (unlike in Linux). Virtualbox is available for all operating system platforms, and therefore a virtual machine created in one operating system (Windows, Apple, Linux) can be used in another. Furthermore, it is possible to convert virtual machines created in Virtualbox to VMWare and vice versa.

I find both the installation process and the interface for Virtualbox quite user friendly (as I do VMWare). So far I have had few difficulties with Virtualbox and recommend it.

Install Virtualbox in Windows

  • Obtain and download a copy of the Virtualbox (binary) installer for your (Windows) operating system here.
  • Install the program, following the prompts.
  • Start Virtualbox
Start menu -> Programs -> Sun Virtualbox -> Virtualbox

(Optional: Of course, if you would like Virtualbox to start every time you run Windows, you can copy the Virtualbox shortcut into the Start menu -> Programs -> Startup folder.)

  • Create a new virtual machine:
Virtualbox -> New -> Next ->
Name: UbuntuVirtualServer
Operating System: Linux
Version: Ubuntu
-> Next -> Memory: Base memory size: 1024 Mb
Note: Use the amount of RAM for the virtual machine that you can afford. Linux requires less memory to run than does Windows, but the amount of RAM that you dedicate to the virtual machine in this step will not be available to the Windows host. On my laptop, I have 3 Gb RAM, so I dedicate 1024 Mb (1 Gb) to the virtual machine in this step and leave 2 Gb for Windows. You should always leave at least 1 Gb RAM for Windows (or it will run painfully slowly). Linux is able to run with only 512 Mb in server mode or 1 Gb in desktop mode (perhaps even less).
-> Next -> Virtual Hard Disk ->
Boot Hard Disk (Primary Master): (ticked)
Create new hard disk: (ticked)
-> Next -> Next -> Hard disk storage type:Dynamically expanding storage: (ticked)
-> Next -> Virtual Disk Location and Size:
Location: UbuntuVirtualServer
Size: 8.00 GB

Note: Use whatever size you can afford in Windows. This will take space from your hard drive (so make sure it is available to begin with). A Linux server can easily run in 8 GB, but if you plan to run a GUI desktop in addition (the Ubuntu desktop or Kubuntu desktop, for example), you should consider making this between 10 -20 GB. However, because you have chosen the dynamically expanding storage in the preceding step, the virtual machine will automatically expand storage later if you guess wrong here. (I usually just accept 8 GB.)

-> Finish.

Now you will have a new virtual machine. You can create multiple virtual machines, in this fashion. If you desire, you can run each new virtual machine simultaneously (if you have enough RAM and hard drive resources).

Install Ubuntu edition for virtual machines

There is a version of the Ubuntu server that is optimised for usage within a virtual machine. It is provided on the Ubuntu Server edition LiveCD. The LiveCD image (.iso) found here can be downloaded onto your hard drive. It can then be installed directly into your virtual machine from the hard drive. Alternatively, you can also burn the .iso image onto a CD and install Ubuntu Server into the virtual machine from the CD. Both methods work identically during the Ubuntu Server installation process.

The free version of Virtualbox only allows the use of a 32-bit operating system as a guest OS, so you should download the 32-bit Ubuntu server (.iso) image.

  • Start the virtual machine you created in the previous step.
Virtualbox -> Ubuntu Virtual Server (highlighted) -> Start
The "First Run Wizard" will prompt for the location of the installation disk -> Next ->
CD/DVD-ROM device (ticked) ->
Media Source:
  • select the CD-ROM drive (if you burned the LiveCD (.iso) image onto a physical CD), or
  • browse for the folder where you stored the (.iso) image onto your hard drive (if you did not burn it to a physical CD)
-> Next ->
  • Install Ubuntu server virtual machine edition:

The First Run Wizard will automatically start the LiveCD from the location you indicated, and you will see the Ubuntu Server LiveCD screen.

  • Choose language: English ->
  • Important: note this step carefully! Select the minimal virtual machine installation mode:
* Click the F4 (modes) key -> Install a minimal virtual machine ->
  • Install Ubuntu Server
  • Select your installation options. When asked about partitioning, use the guided partitioning method and use the entire disk. This uses the entire virtual machine disk (which is 8 GB or whatever size you created when creating the virtual machine), not the entire physical hard drive disk.
  • Finish the remainder of the Ubuntu server installation. At the conclusion the Ubuntu system will automatically reboot within the virtual machine. When it restarts, you will then have a fully function Ubuntu Server within the virtual machine. Immediately update the operating system: 
sudo apt-get update
sudo apt-get upgrade

Install a desktop

This is a decision that is difficult to make. Having an Ubuntu or Kubuntu GUI desktop is nice, but it also slows down the virtual machine server considerably and takes a large chunk of the 8.00 GB virtual disk (which may need to be dynamically expanded and thereby occupy more space on your hard-drive).

If you intend to use many of the features of Ubuntu or Kubuntu, this is worthwhile. Install a desktop: 

sudo apt-get install ubuntu-desktop
or 
sudo apt-get install kubuntu-desktop
  • After all the packages are installed, restart the OS within the virtual machine and you should now boot into the GUI desktop.

Install Linux Guest Additions

If you have installed a (K)ubuntu desktop, you will definitely need this for functionality. There are quirks. A general introduction is found at the VirtualBox Manual. The Guest Additions are contained within the VBoxGuestAdditions.iso CD image file contained within the VirtualBox installation folder (on my Windows system it is in the C:\Program Files\Sun\VirtualBox folder). (If there are errors using this file, it must be copied to a neutral location (such the Documents folder) and used from there.)

  • Mount the VBoxGuestAdditions.iso as a virtual CD-ROM device (for the virtual machine you have created in the preceding steps). (The virtual machine must be stopped while doing this).
VirtualBox -> Machine -> Settings -> Storage
-> Add CD/DVD Device (CD icon with green + sign) -> Atrributes -> CD/DVD Device: VBoxGuestAdditions.iso
  • Start the virtual machine.
  • From a command-line terminal (Terminal in Ubuntu or Konsole in Kubuntu), change to the CD-ROM/DVD directory: 
cd /media/cdrom0
  • Install prerequisites: 
sudo apt-get install dkms
  • Run the Guest Additions binary: 
sudo ./VBoxGuesatAdditions-Linux-x86.run

(If you are using a 64-bit edition of Ubuntu as a guest OS, see the VirtualBox Manual for additional instructions. Because this is not an option with free versions of VirtualBox, I will not discuss it here).

  • Once the installation is complete, you can unmount the VBoxGuestAdditions.iso as a virtual CD. (The virtual machine must be stopped while doing this).
VirtualBox -> Machine -> Settings -> Storage -> Storage Tree
-> VBoxGuestAdditions.iso -> Removes the attachment highlighted in the Storage Tree (CD icon with green - sign) -> Remove

Creating shared folders

This is a folder on your Windows host that will be shared with the Ubuntu virtual machine. An extremely nice feature. The GuestAdditions must be installed to use this feature. See the VirtualBox manual on Shared folders for more information.

  • With the virtual machine stopped, designate a shared folder. In my example I use a folder in Windows that is already commonly shared (C:\Users\Public\Documents).
VirtualBox -> Machine -> Settings -> General -> Shared Folders
-> Add Shared Folders (Ins) (Folder icon with a + symbol)
-> Folder Path: Other -> C:\Users\Public\Documents
-> Folder Name: PublicDocuments
  • Start the virtual machine.
  • Create a folder that will be associated with the shared Windows folder: 
sudo mkdir /media/windows-shared
  • Test that the Windows shared folder can be mounted: 
sudo mount -t vboxsf PublicDocuments /media/windows-shared
  • If there are no errors, then ensure the shared folder is mounted at every bootup of the virtual machine. Edit the /etc/fstab file: 
sudo nano /etc/fstab

(you can used gedit in Ubuntu or kate in Kubuntu instead of nano, if you'd like).

  • Add the line: 
PublicDocuments /media/windows-shared vboxsf defaults 0 0
  • Reboot the virtual machine (sudo reboot).
  • Access /media/windows-shared just like any other folder (from Nautilus or Dolphin, for example) within the virtual machine.
  • Access C:\Users\Public\Documents just like any other folder in the Windows host.

Android emulation

Android SDK emulator

Android SDK for Linux is a 32-bit Android emulator/software development kit. It incorporates a QEMU virtual machine framework as part of its installation. It provides a fully functional Android environment and apps can be installed from (and run within) the emulator.

  • Install the pre-requisites: 
sudo apt-get install ia32-libs default-jre

Note: ia32-libs is only needed on a 64-bit system. default-jre will also install open-jdk6-jre.

  • Download the Android SDK (e.g. android-skd_r18-linux.tgz from here and extract it (using Ark, for example) to its default folder ~/android-sdk-linux/ (i.e. /home/user/android-sdk-linux/): 
wget http://dl.google.com/android/android-sdk_r18-linux.tgz
tar xvf android-skd_r18-linux.tgz
  • Add the /home/user/android-sdk-linux/tools and /home/user/android-sdk-linux/platform-tools/ directories to the PATH for the user (or for the system) by editing /home/user/.profile (or /etc/profile for system-wide use): 
sudo nano /home/user/.profile

and adding this line at the end: 

export PATH=/home/user/android-sdk-linux/tools/:/home/user/android-sdk-linux/platform-tools/:$PATH

Save the file and then log out/log in (or reboot if changes were made to the system-wide config file).

  • Change to the /home/user/android-sdk-linux/tools directory and start the Android SDK Manager: 
cd /home/user/android-sdk-linux/tools
./android
  • Install the "Tools" by ticking the appropriate boxes -> Install Packages
  • Choose which Android version to emulate and install it.
  • Android SDK Manager -> Android 4.0.3 (API 15) (ticked) -> Install packages
  • Still within the Android SDK Manager, create a virtual machine ("AVD") with the desired Android system in it. The WXGA800 skin gives a widescreen (tablet) appearance:
Android SDK Manager -> Tools -> Manage AVDs -> New
-> Name: Android4 -> Target: Android 4.0.3 - API Level 15 -> Size (of virtual SDcard): 2 Gb -> Skin: Built-in: WXGA800 -> Hardware: Device ram size (in Mb): <click> on 1024 -> 512
-> Create AVD
At the time of the creation of the virtual machine it is possible to adjust the amount of RAM dedicated to your device (I personally only dedicate 384 Mb) or leave it at the default of 1024 Mb if your system has plenty of RAM.
  • Close the Android SDK Manager. Now the new Android virtual machine can be started from the command line terminal. (This command can also be added to a menu item.) 
emulator -avd Android4
where Android4 is the name of the virtual machine created in the previous step.
  • On less powerful computers, the startup of the emulator can be slow. Be patient.

Networking for Android SDK

Networking from the Android SDK virtual machine to my host computer's wired Ethernet connection was transparent upon installation. I required no additional configuration and all networking functions were operational.

Installing an app

Netflix Android App

A Netflix app for the Android market is available here or through the Amazon App marketplace. The Netflix app requires Android 2.3 or later. In my Android 4.0.3 emulator the Netflix app successfully downloads and installs (through the Amazon App marketplace) and I am able to login to my account.

Other references

  • A graphical installation guide Softpedia (2009).

Android-x86 in VirtualBox

In Virtualbox (or QEMU, VMWare, or other virtual environment), install Android-x86 using the installer burned to a CD or USB drive. Details:

  • From your favorite package manager (Muon, Synaptic, etc.) you can install the package virtualbox-qt, or from the command line: 
sudo apt-get install virtualbox-qt

Both the proprietary binary for VirtualBox and the necessary dependency virtualbox-dkms will be installed at the same time.

  • Download a version of the Android-x86 image (.iso) from here. I used the latest version for ASUS (eee) Netbooks.
  • Start VirtualBox:
Menu -> Utilities -> VirtualBox
  • Create a new Virtual Machine for the Android x-86 OS:
VirtualBox -> New -> Next -> Name: Android -> OS Type: Operating System: Linux -> Version: Linux 2.6
-> Next -> Base Memory Size: 512 Mb -> Next -> Virtual hard disk: Create new hard disk -> Next
-> File type: VDI -> Next -> Storage details: Dynamically allocated -> Next -> Location: Android
-> Size: 8 Gb -> Summary: Create
  • Tweak the VirtualBox Settings so that mouse capture is enabled for the newly created Android virtual machine. (Without this step you will not be able to use the mouse (or touchpad) in Android.):
Virtualbox -> Settings -> System -> Enable absolute pointing device (unticked)
  • Choose the downloaded Android-x86 (.iso) as a virtual CD-ROM to be used by VirtualBox:
VirtualBox -> Settings -> Storage -> Storage Tree: CD icon (Empty)
-> CD icon: Choose a virtual CD/DVD disk file ...
-> (click on the name of the downloaded android-x86-4.0-eeepc.iso file) -> Ok
  • Start the installation of android-x86 in the VirtualBox virtual machine:
VirtualBox -> Start --> Installation -- Install Android-x86 to hard disk
-> Choose Partition: Create/Modify partitions -> Ok -> New -> Primary -> Size (in MB): 8588
-> Bootable -> Write -> Are you sure you want to write the partition table to disk? (yes or no): yes -> <Enter>
-> Quit -> Please select a partition to install Android-x86: sda1 LINUX VBOX HARDDISK -> OK ->
-> Choose filesystem: ext3 -> OK -> Are you sure to format the partition sda1? -> Yes
-> Do you want to install bootloader GRUB? -> Yes -> Do you want to install /system as read-write? (yes or no)

Note: the partition in this step is not on your physical hard drive but is entirely within the virtual hard drive created in the previous step. You will not erase anything on your physical hard drive during this step; only the contents within the virtual hard drive are at stake (and to your physical hard drive, the virtual hard drive appears only as an 8 Gb file). There is no danger of harming your hard drive no matter what you do here! During installation of the Android OS, it makes sense to use the entire space of the newly created virtual hard drive (8 Gb if following the instructions outlined above) for the Android OS.

  • Once the installation is complete ("Congratulations! Android-x386 is installed successfully")
-> Run Android-x86

During the first run, you can use the TAB button to navigate between options, or by clicking on the Android virtual machine window, you can "capture" the mouse (a blue pointer should appear) for use by the Android virtual machine. To return to the (K)Ubuntu normal (white) mouse pointer, use the Right-Ctrl button.

-> Start -> (setup initial options as desired)
  • After completing the initial Android setup, shutdown the Android virtual machine and tweak the VirtualBox settings so that the virtual CD-ROM no longer uses the Android-x86.iso virtual CD:
VirtualBox -> Machine -> Close -> Power off the machine
-> Settings -> Storage -> CD-ROM icon (click) -> Host Drive DVD RW (select your physical CD/DVD drive, which should be listed) -> Passthrough ('ticked') -> OK
  • The Android-x86 website says that only Soundblaster 16 works as a VirtualBox soundcard for Android, so change the Audio settings for VirtualBox:
VirtualBox -> Settings -> Audio -> Audio controller: Soundblaster 16
  • Now when you Start the Android virtual machine, it should boot straight into Android.

Networking for Android-x86

  • These instructions were tested using the android-x86-4.0-RC1-eeepc version of Android-x86 and were adapted from those given here.
  • The Android OS only uses wireless networking (since no Android device has a wired Ethernet adapter or socket). This can be linked to the (K)Ubuntu host's wireless adapter using either the NAT or Bridged networking modes of VirtualBox.
  • If your (K)Ubuntu host only has a wired ethernet connection, then you will use the eth0 connection within Android. In the Networking settings (Virtualbox -> Settings -> Network -> Attached to:) you can use NAT or Bridged Adapter (eth0) but if you intend to use any server functions from Android, you must use the Bridged Adapter (eth0), so in general this is recommended. Start the Android virtual machine.
  • Make sure the host computer's firewall is off while testing connections.
  • Once the Android system has fully booted within the virtual machine, go to the root command-line using <ALT>-<F1>.
  • The command line can also be reached through the Terminal Emulator:
Android -> Home icon -> App menu icon -> Terminal Emulator
You may then need to become the superuser from the command-line: su
  • (This step may be optional and is suggested only if needed for troubleshooting. It is necessary if using the "route add" command in the next step.) From the command line, enable the wired networking port using ifconfig. Use an unused IP address on the main LAN: 
ifconfig eth0 192.168.0.59
  • (This step may be optional and is suggested only if needed for troubleshooting.) For the eth0 connection set a route to the default gateway (this should be the IP address of your router / DHCP server on your LAN): 
route add default gw 192.168.0.1 dev eth0
  • For some reason, my connection would not work unless a DHCP connection is enabled: 
netcfg eth0 dhcp
  • Test to make sure traffic is reaching the router: 
ping 192.168.0.1
  • Set a DNS provider (examples are 8.8.8.8 for Google, 8.26.56.26 for Comodo, and 206.67.222.222 for OpenDNS). 
setprop net.dns1 8.8.8.8
  • Return to the Android environment using <ALT>-<F7>.
  • Following these steps, start the Browser. If you get a webpage, then the connection works. If not, make sure all firewalls are off (for your VirtualBox host) while testing your setup.

Troubleshooting Android-x86 networking

  • Android is oriented towards wireless connections. The Android-x86 emulator does not include the tools to do network bridging between the virtual wireless connections and the wired connection (methods of which are discussed here). With a simple wlan0 (or in the virtual environment ifb1) to eth0 bridge, all the networking functions of the Android environment could be enabled. Please write to the developer of Android-x86 requesting this.

Installing apps

Other Android Virtual Machines

Screencasts

Screencasts

Creating screencasts (screencapture)

Several methods for creating screencasts in (K)Ubuntu Linux exist.

FFMPEG with x11grab

Recent versions of FFMPEG include x11grab, a module for screen capture. This method gives the best results for screencaptures and is one of the the most flexible methods, allowing a variety of audio inputs and audiovisual output formats.

Run FFMPEG with x11grab

  • The command for 2 channel audio recording using the ALSA input is: 
ffmpeg -f alsa -ac 2 -ab 192k -i pulse -f x11grab -s 1024x768 -r 30 -i :0.0 -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0 /home/user/capturedvideo.avi

The order of the options is important (since some options override others). -f alsa indicates the alsa audio input (an alternative is oss). -ac 2 indicates 2 channel recording (use -ac 1 for mono). -ab 192k means 192 kb/sec audio, which may be too high for your needs. (128k is average). -i pulse indicates to use Pulse Audio (assuming you have it set up) for audio input. -i :0.0 means to capture screen 0.0 (the primary screen). -acodec pcm_s16le means to save with lossless 16-bit audio encoding (which gives a large file). You can use another audio format (such as libmp3lame) here if you wish, or re-encode later when you do processing/convert to your final desired format. Also see the FFMPEG x11grab documentation for other options.

You can also capture to a video codec other than libx264 (although without the corresponding quality of H.264/X264). In a command terminal, type ffmpeg -formats E to see which video codecs your version of FFMPEG supports. For example, to create an .avi file with an XVID video codec and an Mp3 audio codec, use the command: 

ffmpeg -f alsa -ac 2 -ab 128k -i pulse -f x11grab -s 1024x768 -r 30 -i :0.0 -acodec libmp3lame -vcodec mpeg4 -vtag xvid /home/user/capturedvideo.avi

However, I find the quality to be far superior if the capture is done in H.264/X264 and then converted to the (much smaller and more universal) XVID format in a separate step afterwards.

  • Of course, the command can be used as a Menu item. When creating a Menu item, make sure the "Advanced -> Run in terminal" box is ticked.
  • To stop the recording, enter "CTRL-C" (or "q" in earlier versions) in the terminal window in which FFMPEG/x11grab is running.
  • If you have xwininfo installed (installed already in Debian/(K)Ubuntu), you can replace 
-s 1024x768
with 
-s $(xwininfo -root | awk '/geometry/ {print $2}')
in order to automatically capture whatever-sized screen you have. The command would then be: 
ffmpeg -f alsa -ac 2 -ab 192k -i pulse -f x11grab -s $(xwininfo -root | awk '/geometry/ {print $2}') -r 30 -i :0.0 -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0 /home/user/capturedvideo.avi
  • A benefit of using Pulse Audio is that several inputs can be combined, allowing both microphone input and music input, for example. The relative volumes can be controlled using Pulse Audio Volume Control (sudo apt-get install pavucontrol).
  • If you do not have Pulse Audio installed, you can capture from the primary audio input card by replacing 
-i pulse
with 
-i hw:0,0
or 
-i /dev/dsp
  • It is possible to record only part of the screen by specifying an offset from the upper left corner of the screen. Use the option :0.0+10,20 where 10 is an example of a x-offset from the left of the screen and 20 is an example of the Y offset from the top of the screen. Also specify the size of the area to recorded, for example -s 320x240. A complete command might then be 
ffmpeg -f alsa -ac 2 -ab 128k -i pulse -f x11grab -s 320x240 -r 30 -i :0.0+10,20 -acodec libmp3lame -vcodec mpeg4 -vtag xvid /home/user/capturedvideo.avi
  • After completing the screencapture, you can then edit and convert it to the desired final format, using FFMPEG (perhaps with the WinFF GUI), mencoder (with or without a front-end such as Avidemux), or a standalone video editor. Some examples of conversion methods are here.

kX11grab

kX11grab is the KDE version of QtX11grab, a frontend for FFMPEG/x11grab screengrabs. It is in alpha stage and does not yet work well.

  • Install kx11grab: 
sudo apt-get install kx11grab
  • Start kX11grab:
K menu -> Utilities -> kx11grab

Install the newest version of FFMPEG with x11grab

  • Older repository-supplied versions of FFMPEG did not have X11grab nor X264 support in them. If you have a very old installation, you can install the newest version of FFMPEG and X264 using the instructions from this thread.

Note: The current, updated versions of FFMPEG in Lucid, Maverick, and Natty are all compiled with x11grab and X264 capabilities. On my Lucid machine, X264 version 85 is already installed, and on Natty, version 106 is already installed. The newest version of X264 (as of 8-2011) is version 116.

If you want the most current version of FFMPEG and the H.264 / X264 video codec, however, then compile and install new versions using these instructions (recreated here).

  • Uninstall x264, libx264-dev, and ffmpeg: 
sudo apt-get remove ffmpeg x264 libx264-dev
  • Install dependencies needed for retrieving, compiling, and running the new versions (you may need to ensure the Universe and Multiverse repositories are enabled): 
sudo apt-get update
sudo apt-get install build-essential checkinstall git libfaac-dev libjack-jackd2-dev
sudo apt-get install libmp3lame-dev libopencore-amrnb-dev libopencore-amrwb-dev libsdl1.2-dev libtheora-dev
sudo apt-get install libva-dev libvdpau-dev libvorbis-dev libx11-dev libxfixes-dev libxvidcore-dev texi2html
sudo apt-get install yasm zlib1g-dev
  • Retrieve, compile, and install a new version of the X264 video codec from VideoLAN (makers of VLC). (Note: Ubuntu normally installs x264 in /usr/bin/x264.): 
cd
git clone git://git.videolan.org/x264
cd x264
./configure --enable-static
make
sudo checkinstall --pkgname=x264 --pkgversion="3:$(./version.sh|awk -F'[" ]' '/POINT/{print $4"+git"$5}')" --backup=no --deldoc=yes --fstrans=no --default
Note: Git uses port 9418 by default. Make sure the Git port is unblocked in your firewall. The last command will build a .deb package named something similar to /home/user/x264/x264_0.116.2074+git2641b9e-1_i386.deb. The installed package can be removed later, if desired, using dpkg -r x264.
  • Retrieve, compile, and install a recent version of FFMPEG. (Note: Ubuntu normally installs FFMPEG in /usr/bin/ffmpeg and related modules in /usr/bin/ffplay, /usr/bin/ffprobe, /usr/bin/ffserver, and /usr/bin/qt-faststart.): 
cd
git clone git://git.videolan.org/ffmpeg
cd ffmpeg
./configure --enable-gpl --enable-libfaac --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libtheora --enable-libvorbis --enable-libx264 --enable-libxvid --enable-nonfree --enable-postproc --enable-version3 --enable-x11grab
make
sudo checkinstall --pkgname=ffmpeg --pkgversion="5:$(date +%Y%m%d%H%M)-git" --backup=no --deldoc=yes --fstrans=no --default
hash x264 ffmpeg ffplay ffprobe
Note: Git uses port 9418 by default. Make sure the Git port is unblocked in your firewall. The second-to-last command will build a .deb package named something similar to /home/user/ffmpeg/ffmpeg_201109031233-git-1_i386.deb. The installed package can be removed later, if desired, using dpkg -r ffmpeg.
  • Some programs may expect ffmpeg to be in /usr/bin, so create a symbolic link: 
sudo ln -s /home/user/ffmpeg/ffmpeg /usr/bin/ffmpeg

Add a webcam to a screencast

  • To show your webcam in your screencast, install one of three webcam applications:
  • Cheese (sudo apt-get install cheese) is a Gnome-based webcam application with many options and a re-sizable window.
  • Kamoso (sudo apt-get install kamoso) is a KDE-based webcam application.
  • Xawtv (sudo apt-get install xawtv) is a Gtk-based application. Because the Xawtv window can be arranged so that only the webcam image is shown, it is my favorite webcam display for screencasts. (Click on "X" in the window bar -> Advanced -> No Border (ticked) .)

Any of these applications can be used in (K)Ubuntu.

Start the desired application until your webcam is showing. Position the webcam image on your desktop as desired. Now start your screencapture and the webcam window will be included.

Record microphone and speaker output simultaneously

This example assumes Pulse Audio is installed on the system. This was tested on Natty.

  • Make sure PulseAudio Volume Control is installed: 
sudo apt-get install pavucontrol
  • Start FFMPEG/x11grab as above: 
ffmpeg -f alsa -ac 2 -ab 192k -i pulse -f x11grab -s $(xwininfo -root | awk '/geometry/ {print $2}') -r 30 -i :0.0 -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0 /home/user/capturedvideo.avi
  • Start an audio application (such as Audacious, Amarok, Rhythmbox, etc.) so that some audio output is playing through the speakers.
  • Start PulseAudio Volume Control:
Menu -> Multimedia -> PulseAudio Volume Control
  • Select as an input "Monitor of Internal Audio Analog Stereo":
PulseAudio Volume Control -> Input Devices -> Show: All Input Devices
-> Make sure Monitor of Internal Audio Analog Stereo is not muted (click on speaker icon)
  • Make sure your microphone is plugged in.
  • Select as an input "Internal Audio Analog Stereo: Analog Microphone":
PulseAudio Volume Control -> Input Devices -> Show: All Input Devices
-> Make sure "Monitor of Internal Audio Analog Stereo: Port: Analog Microphone " is not muted (click on speaker icon)
  • Make sure the "Internal Audio Analog Stereo" device is selected for the ALSA plug-in [ffmpeg] application:
PulseAudio Volume Control -> Recording -> ALSA plug-in [ffmpeg]: ALSA capture from: Internal Audio Analog Stereo

recordMyDesktop

  • gtk-recordMyDesktop -- a one-step solution. Audio can be captured as well, including through the microphone (whichever inputs are enabled in the mixer/pulse audio system will be captured). Even a virtual machine like VirtualBox can send its audio through the Pulse Audio system, so it can also be captured. The recorded .ogv file can then be converted to a Flash video (.flv) with: 
mencoder -ovc lavc -ofps 30 -oac mp3lame -af volnorm=1:0.5 your_file.ogv -o your_file.flv
or to an .avi (for use with Avidemux, for example): 
mencoder -ovc lavc -ofps 30 -oac mp3lame -af volnorm=1:0.5 your_file.ogv -o your_file.avi
  • If mencoder is not installed: 
sudo apt-get install mencoder

xvidcap with Audacity

Using VNC to capture another computer's screen

Troubleshooting tips

A method that has worked for me in the past is the method described using Avidemux. I use either gtk-recordMyDesktop or xvidcap to capture the video, as above (saving as an .avi). The problem for me is that Avidemux is rather particular about the audio formats it will accept. I have found that it will not accept many mp3 files (depending on the codec originally used to create the mp3 file). However, I have found that if I import any mp3 file into Audacity and then re-export it as an mp3, Audacity will re-encode it with a codec (libmp3lame) that Avidemux likes.

I can therefore combine the .avi video with the .mp3 audio (created by Audacity) using Avidemux.

Screencasts in Windows

Some users will run (K)Ubuntu in a virtual machine (VirtualBox, VMWare, QEMU) in Windows. For those users who wish to record a screencast, there are two good open source screen recording utilities:

  • CamStudio -- works similarly to gtk-recordMyDesktop, with capabilities of converting to Flash videos (.flv and .swf). Records audio and video with options for annotation and other effects.
  • Wink -- essentially a screen capture, it is good for animations with each frame individually constructed. It can output to a video file, including Flash videos.

Examples

Exercise: Slideshow with audio track

This may seem a bit cumbersome, but it works for me. If you have a better method please add it! (Note: I now use the FFMPEG with x11grab method at the top of this page. This method below was how I originally did it.)

  • Gwenview is installed by default in Kubuntu. I then install Avidemux, Audacity, gtk-recordMyDesktop, mencoder, ffmpeg, and kubuntu-restricted-extras.
  • Start gtk-recordMyDesktop but do not use the sound recording portion (leave the Sound Quality box unticked). I find that gtk-recordMyDesktop audio recording is choppy and therefore less than desirable for me (even on my dual-core 64-bit system with 3 Gb RAM).
  • Start Gwenview and find the folder with your pics that will be made into a slideshow. Start gtk-recordMyDesktop recording and the start the slideshow (Gwenview -> View - Start Slideshow). Record until all the slides have displayed. Then stop gtk-recordMyDesktop recording. The file will be saved as an .ogv file (such as MyRecordedFile.ogv).
  • Convert the .ogv file to an .avi file: 
mencoder -ovc lavc -ofps 30 -oac mp3lame -af volnorm=1:0.5 MyRecordedFile.ogv -o MyRecordedFile.avi
  • Create your soundtrack from mp3's or recorded files using Audacity.
  • If you wish to join several mp3 files into a single mp3, you can concatenate them: 
cat File1.mp3 File2.mp3 File3.mp3 > CombinedFile.mp3

Import the mp3 file into Audacity and edit as desired. Export the resulting edited file into a new mp3 file (such as MyAudacitySoundtrackFile.mp3). Even if you make no edits, you should re-export every mp3 using Audacity because Avidemux doesn't always recognize the codecs originally used to create many mp3s (but it always recognizes the mp3s exported by Audacity).

  • Open Avidemux. Open your video file (Avidemux -> File -> Open -> MyRecordedFile.avi).
  • If you wish to trim the file, move the A and B markers to the beginning and end of the desired segment.
  • Add the soundtrack you created with Audacity. (Avidemux -> Audio -> Main Track ... -> Audio Source: External MP3 -> External File: MyAudacitySoundtrackFile.mp3)
  • Save the file with the new soundtrack. (Avidemux -> File -> Save -> Save Video... -> MyNewCombinedFile.avi)

This file can be uploaded directly to YouTub or other sites, or you can convert it into a Flash video: 

mencoder -ovc lavc -ofps 30 -oac mp3lame -af volnorm=1:0.5 MyNewCombinedFile.avi -o MyNewCombinedFile.flv

Conversion / Editing

Video Conversion

Introduction

There are lots of video and audio codecs and lots of methods and preferences for converting between formats. These are only some basic examples. A good deal of trial and error is often required for successful video conversion.

  • Mencoder and ffmpeg are the two packages that are the workhorses of video conversion. Of these, mencoder is faster and generally gives better results.

Mencoder

Mencoder is part of the MPlayer set of libraries (that also uses several of the FFMPEG libraries) for audio/visual conversion. If it is not installed on your system, install it: 

sudo apt-get install mencoder

MP4 with AAC audio to AVI with Xvid / MP3

  • AAC codecs are proprietary, of course, and many DVD players do not accept it for this reason. Xvid is the open source version of DivX, and of course MP3 is a widely available audio format.
  • The AVI container only allows a constant bitrate, so the MP3 audio must be encoded at CBR. If the AAC is 5.1, it will be downcoded to stereo for MP3.
  • This example is a two-pass technique that allows the file size to be specified and quality optimized for that filesize (using the information generated in the first pass). In this example, a 700 Mb file is desired (and is specified by the negative value).

This information is from the Gentoo Wiki for Xvid and mencoder. 

mencoder <input.mp4> -ovc xvid -oac mp3lame -lameopts cbr:br=192 -xvidencopts pass=1 -o /dev/null
mencoder <input.mp4> -ovc xvid -oac mp3lame -lameopts cbr:br=192 -xvidencopts pass=2:bitrate=-700000 -o <output.avi>

AVI to MPG

  • The MPG format is sometimes useful for creating DVDs (using the MPEG-1 or MPEG-2 video codec, which can be then used for vob files using QDVDAuthor or ToVid). If the audio codec of the AVI file is already AC3 or MP3, it usually can be copied. This example is take from the MPlayer/Mencoder documentation. Example: 
mencoder <input.avi> -of mpeg -ovc lavc -lavcopts vcodec=mpeg1video -oac copy -o <output.mpg>

Add subtitles to video

  • Using mencoder: 
mencoder -ovc [codec] [codec opts] -oac copy -sub [sub file.srt] -subfont-text-scale [3 normally]

In the example above, this would be: 

mencoder <input.mp4> -ovc xvid -oac mp3lame -lameopts cbr:br=192 -xvidencopts pass=2:bitrate=-700000 -sub <subtitles.srt> -subfont-text-scale 3 -o <output.avi>
  • Note: When adding subtitles to an .AVI video, you must transcode it completely. It is not sufficient to merely add the subtitle track as listed above -- the entire video must be re-transcoded. So, for example: 
mencoder <input.avi> -ovc xvid -oac mp3lame -lameopts cbr:br=192 -xvidencopts pass=1 -o /dev/null
mencoder <input.avi> -ovc xvid -oac mp3lame -lameopts cbr:br=192 -xvidencopts pass=2:bitrate=-1400000 -sub <subtitles.srt> -subfont-text-scale 3 -o <output.avi>

Remove subtitles from an .MKV video

Mastroska container (.MKV) video files can have multiple subtitles included. If a conversion to an .AVI container format is desired (for playing on an older DVD player, for example), the default subtitle file is hardcoded into the converted .AVI file, which may be undesirable. To overcome this behaviour (so that the converted .AVI has no subtitles), use the -sid 999 option: 

mencoder <input.mkv> -sid 999 -ovc xvid -oac mp3lame -oac mp3lame -lameopts cbr:br=192 -xvidencopts pass=1 -o /dev/null
mencoder <input.mkv> -sid 999 -ovc xvid -oac mp3lame -oac mp3lame -lameopts cbr:br=192 -xvidencopts pass=2:bitrate=-1400000 -o <output.avi>

Trim a video

  • Using mencoder: 
mencoder <input.avi> -ovc copy -oac mp3lame -ss 01:57:12 -endpos 00:04:08 -o <output.avi>

where -ss indicates the start position of the clip (hh:mm:ss) and -endpos indicates how long the clip should be. (I use mp3lame for the audio codec because YouTube accepts that.)

Resize a video

  • Using mencoder: 
mencoder <input.avi> -ovc xvid -vf scale=320:240 -oac mp3lame -lameopts cbr:br=192 -xvidencopts pass=2:bitrate=-1400000 -o <output.avi>

where -vf scale=320x240 indicates that the resulting video should be of that size. The position of the suboption in the command string is important. It should immediately follow the option -ovc <vcodec>.

  • HDTV resolution is usually 1920 x 1080 ("1080p") or 1280 x 720 ("720p"). A standard definition widescreen TV has a maximum height of "480p" (usually 853 x 480 but sometimes 720 x 406). The standard width:height aspect ratio for cinema is 1.85:1, whereas the average aspect ratio for widescreen movies distributed for display on television is 16:9 (1.78:1). When resizing a video, it is good to know the original dimensions of the video and maintain the width to height aspect ratio in the chosen scale.
  • Example: A video is distributed as 1280 x 692 (which has an aspect ratio of 1.85:1). The device (a low resolution television) on which it is to be displayed has a maximum width of 720. The desired resolution would then be 720 x 390 to keep the aspect ratio at approximately 1.85:1. The option would then be -vf scale=720:390. An analog television would require 10% overscan, making the maximum width 648. To keep an aspect ratio of 1.85:1 would require a resolution of 648 x 350, or a scale option of -vf scale=648:350.
  • Example: An HQ video is distributed as 1920 x 1080 (which has an aspect ratio of 16:9). It is desired to view the video on a television with a maximum width of 720p, which would require a final resolution of 720 x 406 to maintain an aspect ratio of 16:9. The scale option would be -vf scale=720:406.
  • Example: An HQ video is distributed as 1920 x 1080 (which has an aspect ratio of 16:9). It is desired to view the video on an analogue television with 10% overscan, which would require a final resolution of 648 x 364 to maintain an aspect ratio of 16:9. The scale option would be -vf scale=648:364.

Convert to .MP3 audio file

(Under construction)

  • Use Mplayer to extract audio to pcm .wav file: 
mplayer <input.avi> -vc null -oa pcm -aofile -ss 1441.4 -endpos 260.1 <output.wav>
  • Then convert the .wav file to .mp3 with your favourite converter (such as SoundConverter).

FFMPEG

FFMPEG is the swiss-army knife of video and audio format conversion. It succeeds when no other program can. It is free and open source. If it not yet installed on your system as part of another package (it is used by many video/audio editors), then install it: 

sudo apt-get install ffmpeg

Flash video (.flv) to MPG-2 using FFMPEG

  • To convert a saved Flash video (.flv) to an MPEG-2 format playable on a DVD, convert: 
ffmpeg -i samplevideo.flv -target ntsc-dvd samplevideo.mpg
  • Then use K3b (or Gnomebaker) to write the mpg file to a New DVD Data Project.
  • For PAL use -target pal-dvd. For widescreen, use -target film-dvd. For other conversion tips, see this forum. (Note: Most Flash video has very low resolution, with a screen size of 360x270, for example. You may see a slight diminishment in resolution if you wish to convert it to 720x480 (which is the NTSC standard size) or other screen size. You can keep the original screen size and resolution by omitting the -target parameter.) If your original file is 16:9 widescreen and you desire a 4:3 letterbox output for playing on an overscanned TV, you may need to pad the file so that the widescreen is not compressed (see this forum): 
ffmpeg -i samplevideo.flv -target ntsc-dvd -s 648x364 -padleft 36 -padright 36 -padtop 58 -padbottom 58 samplevideo.mpg
  • You can also use the WinFF GUI and add the command (as above) as a "Preset," for subsequent use. For example:
Video converter (WinFF) -> Edit -> Presets ->
Preset Name: Letterbox -> Preset Label: 16:9 Widescreen to 4:3 Letterbox
Preset command: -target ntsc-dvd -s 648x364 -padleft 36 -padright 36 -padtop 58 -padbottom 58
Ouput file extension: mpg -> Category: DVD
-> Add/Update -> Save
  • To convert to MPEG-4 (mp4) files, use 
ffmpeg -i samplevideo.flv outputvideo.mp4
  • FFMPEG requires that multiple restricted extra codecs be installed. This can be done in a single easy step from the command-line Terminal: 
sudo apt-get install kubuntu-restricted-extras
or 
sudo apt-get install ubuntu-restricted-extras

Convert to .MP3 audio file using FFMPEG

Convert Flash video audio to mp3

  • Once you have downloaded flash video content (.flv) from the Internet (using the Video Download Helper plug-in for Firefox, for example), the audio component can be converted to an mp3 using this command (from the command line Terminal). (This will work for any type of video file, not just Flash.) 
ffmpeg -i nameofvideoclip.flv -ab 160k -ac 2 -ar 44100 -vn nameoffile.mp3
where -i indicates the input, -ab indicates the bit rate (in this example 160kb/sec), -vn means no video ouput, -ac 2 means 2 channels, -ar 44100 indicates the sampling frequency. See FFMPEG docs for more info.

If I only want a segment of the video to be converted, I can use the time markers: 

ffmpeg -i nameofvideoclip.flv -ss 00:00:09 -t 00:03:00 -ab 160k -ac 2 -ar 44100 -vn nameoffile.mp3
where -ss 00:00:09 indicates the point in the video (hh:mm:ss) at which to start conversion and -t 00:03:00 indicates the amount of time (from the start point) to convert.
  • As long as FFMPEG is already installed, the Video DownloadHelper plug-in for Firefox already has an option to automatically convert an online video (such as those found at YouTube) into an .MP3 file. (Settings are adjustable.) From the DownloadHelper icon in Firefox, highlight the video to convert, then
DownloadHelper icon -> Download and Convert -> Converter options: MP3

Edit/convert screencapture with FFMPEG

Note: This section under construction.

  • Note: I now recommend using mencoder for all video conversion techniques. It uses some of the ffmpeg libraries but is faster and gives more reliable and high-quality results.
  • This is only one example of a wide variety of techniques. Once I have a captured video, I want to convert it to XVID video (which is the format my older DVD player accepts) and MP3 audio (mp3lame), which I will place in an AVI container (which my DVD player also accepts). 
ffmpeg -i Punchcast1.avi -vcodec mpeg4 -vtag xvid -acodec libmp3lame -ss 00:00:09 -t 00:03:00 Punchcast2.avi

I will start conversion (-ss) at second 9 (to eliminate unimportant things at the beginning) and convert 3 minutes (-t) of video (00:03:00).

  • I happen to watch my screencasts on my old-fashioned 4:3 television. To do that, I make a letterboxed video: 
ffmpeg -i Punchcast1.avi -vcodec mpeg4 -vtag xvid -ss 00:00:09 -t 00:03:00 -s 648x364 -padleft 36 -padright 36 -padtop 58 -padbottom 58 -acodec libmp3lame  Punchcast3.avi

My laptop screen is 1366x768, which I reduce to a size of 648x364. My TV wants 720x480, so I pad the sides and top/bottom. Why not a width of 720 initially? My older television has 10% overscan, which cuts off 10% of the video. I therefore use (at least) 10% padding on the edges.

In newer versions of FFMPEG, the padding (and many other) options have changed. The proper command is now: 

ffmpeg -i Punchcast1.avi -vcodec mpeg4 -vtag xvid -ss 00:00:09 -t 00:03:00 -s 648x364 -vf pad 720:480:36:58 -acodec libmp3lame Punchcast3.avi

ffmpeg movie=Punchcast1.avi:seek_point=9 -vcodec copy -acodec libmp3lame Punchcast1f.avi

WinFF (FFMPEG GUI)

WinFF is a free, GPL-licensed open source GUI frontend for FFMPEG. Install: 

sudo apt-get install winff xterm

Run:

Menu -> Applications -> Sound & Video -> WinFF

VobSub2SRT (Convert subtitles from .sub/.idx to .srt)

  • VobSub2SRT is a simple (GPLv3-licensed) command line program to convert the image-based .idx / .sub subtitle files (used with the .vob format found on commerical DVDs) into text-based .srt text subtitle files by using OCR. It is based on code from the MPlayer project, Tesseract as OCR software, and libavutil (part of the FFmpeg project).
  • Install dependencies: 
sudo apt-get install libavutil-dev libtiff4-dev tesseract-ocr tesseract-ocr-dev tesseract-ocr-eng
sudo apt-get install pkg-config build-essential cmake
  • If you will be converting subtitles in languages other than English, you must install tesseract for any or all of those languages as well: 
sudo apt-get install tesseract-ocr-vie tesseract-ocr-deu tesseract-ocr-fra tesseract-ocr-ita
sudo apt-get install tesseract-ocr-nld tesseract-ocr-spa tesseract-ocr-por tesseract-ocr-deu-f
where vie is for Vietnamese, deu is for German, fra is for French, ita is for Italian, nld is for Dutch, spa is for Spanish, por is for Portugeuse, and deu-f is for German Fraktur script. If you don't you will get an error of the type: Unable to load unicharset file /usr/share/tesseract-ocr/tessdata/xxx.unicharset.
  • Download and unzip the VobSub2SRT .zip file into its own directory: 
mkdir vobsub2srt
cd vobsub2srt
wget -O vobsub2srt-current.zip https://github.com/ruediger/VobSub2SRT/zipball/ca53a18108eb08d6e2b853643d8c6838e2489823
unzip vobsub2srt-current.zip
rm vobsub2srt-current.zip
  • This will create a subdirectory with the current version. For example, my version is vobsub2srt/ruediger-VobSub2SRT-ca53a18. Change into that directory then compile and install the program. 
cd ruediger-VobSub2SRT-ca53a18
./configure
make
sudo make install
  • This should install the program vobsub2srt to /usr/local/bin. You can uninstall vobsub2srt with sudo make uninstall. You can build a *.deb package (Debian/Ubuntu) with make package. The package is created in the build directory.
  • Convert the .sub / .idx pair of subtitle files (named Filename.sub and Filename.idx) into a .srt sbutitle file (named Filename.srt): 
vobsub2srt Filename
where Filename is the file name of the subtitle files WITHOUT the extension (.sub / .idx).
  • If there are multiple languages in the .sub / .idx pair of subtitle files, you can select which language to convert (using the 2-letter ISO 639-1 language code, e.g. en, fr, de, it, es, pt, etc.): 
vobsub2srt --lang en Filename
  • Edit the .srt subtitle file for OCR mistakes (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
kate Filename.srt

Join .MPG video segments

Individual video segments (MPEG-2, for example) can easily be joined: 

cat samplevideo1.mpg samplevideo2.mpg samplevideo3.mpg > samplevideo123.mpg
You can then write the resulting MPEG-2 file to a DVD and play it in most DVD players.

Split a file into segments

Any file can be split into segments using the Linux command: 

split -b 1440k my_big_file

which will split my_big_file into equal segments of size 1440 kb.

EBook Conversion

Calibre (eBook conversion)

Calibre is an eBook reader, library manager, and tool for conversion between many eBook formats (including the .epub format). Install: 

sudo apt-get install calibre

Convert a web page to ePub format

The ePub (.epub) format is the default format for many eBook readers. Its format is closely similar to HTML, CSS, and XML formatting of many web pages and, therefore, ePub conversion is, in fact, most successful from HTML documents.

  • Save a complete webpage in .htm format:
Firefox -> File -> Save Page As... -> Filter: Web page, complete -> webpage.htm
  • Edit the .htm file (using kate in Kubuntu or gedit in Ubuntu) and delete any elements of the page that you do not wish to be included in the eBook.
  • Start Calibre and add the downloaded/edited .htm file as a book to the Calibre library:
Calibre -> Add Books... -> webpage.htm
  • Convert the downloaded/edited .htm file:
Calibre -> (highlight webpage.htm) -> Convert E-books -> Convert individually

Choose your conversion options.

  • Calibre is able to convert into .mobi format and many other eBook formats as well (in a similar manner).

Create an eBook cover

Calibre allows the addition of a cover to an eBook. In general, a 525x700 px JPEG (.jpg) image is easiest to use as a cover. I superimpose a 525x700 px cover image on a plain 590x750 px background in order to accommodate more eBook reader screens, but that is a personal preference.

  • Using Gimp, create a new image that is 590x750:
Gimp -> New... -> Image Size: 590x750
  • Then import the 525x700 image as a new layer:
Gimp -> File -> Open as Layers... -> MyCoverImage.png
which I position so the bottom edge of the imported image is at the bottom of the blank area, and is, of course, centered.
  • Save the image as the new eBook cover. When prompted to either flatten the image or merge the layers, either option will suffice.

The cover image can be selected (during the conversion process) in the Calibre -> Convert E-books -> Metadata settings.

Email with PGP

Here are several method for setting up encrypted e-mail using PGP. OpenPGP is installed by default in (K)Ubuntu using gpg/gpg2 (GnuPG).

Thunderbird with Enigmail

Thunderbird with Enigmail is available on all major OS platforms (Linux, Mac, Windows) and is therefore the most widely available. Install: 

sudo apt-get install thunderbird enigmail
  • Create a new e-mail account. Both Yahoo Mail and Gmail have free e-mail accounts available that can be used with IMAP (which can be used by Thunderbird).
  • Start Thunderbird:
Menu -> Internet -> Thunderbird
  • Set up your new e-mail account in Thunderbird to use IMAP. (In the example, Yahoo Mail is used, but the method is the same for Gmail.) Make sure your firewall allows ports 993 (IMAP) and 465 (SMTP) and 11371 (HKP).
Thunderbird -> file -> New -> Mail Account... -> (Enter Your name, Email address, Password)
-> IMAP: Access folders and messages from multiple computers (ticked) -> Create Account
  • Generate a new OpenPGP key pair:
Thunderbird -> OpenPGP -> Key Management -> Generate -> New Key Pair -> (fill in desired passpharase, if any, and details)
-> Advanced -> Key Size: 1024 (should be sufficient) -> Key type: DSA & El Gamal (should be sufficient) -> Generate key
-> "We highly recommend to generate a revocation certificate for your key..." -> Generate Certificate
  • This method will use pre-selected key servers stored in the default Thunderbird settings. If you wish to add selected key servers (such as keys.gnupg.net and keyserver.ubuntu.com):
Thunderbird -> OpenPGP -> Preferences -> Keyserver -> Specify you keyserver(s): -> keys.gnupg.net, keyserver.ubuntu.com -> OK
  • Turn off HTML in messages:
Thunderbird -> (Email Account ID) -> Composition & Addressing -> Compose messages in HTML format (unticked) -> OK
  • Send and sign encrypted email with your OpenPGP key.
Thunderbird -> Write -> (compose message) -> OpenPGP -> Sign Message (ticked) -> Encrypt Message (ticked) -> Send

Mail Server setup

Introduction

This setup uses the Postfix 2.7 (SMTP Server/MTA) / Dovecot 1.2 (Pop3/IMAP Server) combination that is installed as the Ubuntu/Debian mail server. It was tested on a Lucid (10.04.2) 64-bit server with a Kubuntu (KDE) desktop.

To use it, MX records with a DNS registrar must be set up in advance.

Setting up MX records with a DNS registrar

  • In this example, I have a domain named mydomain.org which is registered at MasterBlaster DNS Registrar. I will accept mail at mydomain.org and mx.mydomain.org, so that mail addressed either as user1@mydomain.org or user1@mx.mydomain.org will be directed to my mail server to the mail account of user1.

At MasterBlaster DNS Registrar, I create User MX records: 

HOST           MAILSERVER HOSTNAME          MAIL TYPE          MX PREF          TTL

 @             mx.mydomain.org              MX                 10               1800
 mx            mx.mydomain.org              MX                 10               1800

I then make sure there is an A record for mx.mydomain.org so that it is directed to the correct IP address. (I use LDAP, so I also include an A record for my LDAP server.) 

HOST NAME      IP ADDRESS/URL               RECORD TYPE        MX PREF          TTL

 mx            66.77.88.99                  A (Address)        n/a              1800
 ldap          66.77.88.99                  A (Address)        n/a              1800
  • If the LAN on which the mail server's host computer is located uses Dynamic IP addresses and you wish to use CNAME alias forwarding with your primary DNS Registrar then see this section. I have read elsewhere that only an A record is allowed as an MX DNS record type, but perhaps this is DNS Registrar-specific. My MasterBlaster DNS Registrar allows a CNAME alias as the MX record type, as well. 
HOST NAME      IP ADDRESS/URL               RECORD TYPE        MX PREF          TTL

 mx            mydddomain.dyndns.org.       CNAME (Alias)      n/a              1800
 ldap          mydddomain.dyndns.org.       CNAME (Alias)      n/a              1800

In this example, I have a dynamic IP address registered at DynDNS.com as mydddomain.dyndns.org. (The registered dynamic DNS URL name does not have to have any relation to the primary domain's registered URL.) The same Dynamic DNS URL that is used as the CNAME alias for the record of other services can also be used as the CNAME alias for the MX mail record. My server then updates the dynamic IP address for the Dynamic DNS URL mydddomain.dyndns.org at DynDNS.com using ddclient.

  • Whenever address records are changed at a DNS Registrar, it can take as short as half-an-hour (or at least as long as the TTL (in seconds), anyway) or sometimes as long as several hours for the changes to propagate. (Dynamic IP addressing, however, generally uses a very short TTL and the IP address update itself (by ddclient) is nearly instantaneous). If you wish to know to which IP address your email domain is currently being sent, try 
telnet mx.mydomain.org 25

It should display a message with your current IP Address such as

"Trying 66.77.88.99..."

If it shows some other address, the changes have not yet propagated. Be patient.

Of course, until you have your Mail / SMTP server set up and all paths routed and firewalls opened (for port 25, at least), you will get the message

"telnet: Unable to connect to remote host: Connection refused."

Install the Mail server 

sudo apt-get install dovecot-postfix

(Alternatively you can use sudo tasksel install mail-server or sudo tasksel with the Mail server task, but the configuration files with these methods use the mbox format by default instead.)

-> Postfix Configuration: General type of mail configuration: Internet site
-> Postfix Configuration: System mail name: mydomain.org
  • If there are problems with dependencies, they can often be fixed: 
sudo apt-get install -f
I also was forced to remove exim4 using apt-get on the command line because exim4 was blocking the installation of postfix: 
sudo apt-get remove --purge exim4
sudo apt-get install -f
I did not remove exim4 through a package manager because my package manager linked my drupal6 package to exim4; removing exim4 through a package manager removed my drupal6 package as well. This linked behavior didn't occur when removing exim4 through the command-line apt-get.
If the scripted Postfix installation fails, it can often be re-run: 
sudo dpkg-reconfigure dovecot-postfix
or sometimes 
sudo dpkg-reconfigure postfix
  • During installation, Postfix creates and uses a default (self-signed) security certificate, as specified in the /etc/postfix/main.cf file: 
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Depending on the method of installation, these certificate files may already be symbolically linked to similarly-named files. If not, create the symbolic links now: 

sudo ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-mail.pem
sudo ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-mail.key

I sometimes also use an additional symbolic link: 

sudo ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/cacert.pem
  • During installation, a (self-signed) SSL certificate is also created by Dovecot for this domain. By default the certificate is created to /etc/ssl/certs/dovecot.pem and the private key file is created to /etc/ssl/private/dovecot.pem (and the certificate set to expire in 365 days). If you wish to change this, see the Dovecot wiki.

It is easiest to stick with the snakeoil certificates when available, but to use the default certificate of Dovecot instead, edit the Dovecot configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 

sudo kate /etc/dovecot/dovecot.conf

and uncomment (i.e. remove the # from) the lines: 

ssl = yes
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem

In versions of Dovecot installed with an integrated installer (such as dovecot-postfix), leave the lines (in /etc/dovecot/dovecot.conf) commented out and instead edit the appropriate configuration file in /etc/dovecot/conf.d. (Earlier versions used /etc/dovecot/dovecot-postfix.conf.) For example (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 

sudo kate /etc/dovecot/conf.d/10-dovecot-postfix.conf

using the same certificate files created by Postfix (that are referenced by the symbolic links): 

ssl = yes
ssl_cert_file = /etc/ssl/certs/ssl-mail.pem
ssl_key_file = /etc/ssl/private/ssl-mail.key

or if the snakeoil certificates are referenced directly, make no changes.

  • Restart Dovecot: 
sudo /etc/init.d/dovecot restart
  • Optionally, install Mutt for testing IMAP mail from the command-line (Mutt is usually installed with Postfix), and Roundcube as a Java/AJAX-powered (browser-based) webmail service. (An alternative to Roundcube is the PHP-based Squirrelmail). 
sudo apt-get install mutt
sudo apt-get install roundcube

I also like Thunderbird as my email client when using a GUI-desktop. 

sudo apt-get install thunderbird

Edit Postfix to reflect all variations of your domain name

  • Edit the /etc/postfix/main.cf file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/postfix/main.cf
to reflect all possible variations of the email domain that will be used to send mail. For example, I get mail at emailuser@mail.mydomain.org and at emailuser@mydomain.org. I therefore include mydomain.org and mail.mydomain.org in the line: 
mydestination = mydomain.org, mail.mydomain.org, MyServerHost.mydomain.org., localhost.mydomain.org., localhost
  • The dovecot-postfix installer edits the /etc/postfix/main.cf file so that it will be used with the Maildir (mail spool) folder system (and will use the Dovecot mail delivery system). You can verify that these lines are present: 
home_mailbox = Maildir/
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -n -m "${EXTENSION}"
  • For earlier versions, the commands were: 
home_mailbox = Maildir/
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m "${EXTENSION}"

Open and forward appropriate ports

  • Of course, in order for your router to forward ports to your mail server, your mail server must have a static IP on your LAN. I have never successfully been able to get Network Manager to reliably maintain a static IP address, so I removed it and created a static IP address. (Alternatively, you can remove network manager and install Wicd, which allows static IP addresses over wired or wireless connections.)

Your firewall also must not block the required incoming ports, and your router must forward them to your mail server.

  • IMAP/IMAPS: Ports 143 and 993
  • Pop/Pops: Ports 110 and 995
  • SMTP: Ports 25 and 587
  • LDAP: Port 389

While troubleshooting, allow all these ports to remain unblocked by a firewall (both for inbound and outbound traffic).

  • Set up Dovecot to listen to the ports by editing either /etc/dovecot/dovecot.conf and/or /etc/dovecot/conf.d/10-dovecot-postfix.conf and/or /etc/dovecot/dovecot-postfix.conf (depending on your setup, or both). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.) 
sudo kate /etc/dovecot/conf.d/10-dovecot-postfix.conf

protocol imap {
    listen = *:143
    ssl_listen = *:993
    ...
    imap_client_workarounds = tb-extra-mailbox-sep
    }

protocol pop3 {
    listen = *:110
    ssl_listen = *:995
    ...
    }
Note: I happen to use Thunderbird with IMAP, so I also add a workaround line that enables usage of the Maildir (mail spooling) folder system with Thunderbird.

Set up Dovecot to be used with Thunderbird

  • To use with Thunderbird, edit the file /etc/dovecot/dovecot.conf and/or /etc/dovecot/conf.d/10-dovecot-postfix.conf and/or /etc/dovecot/dovecot-postfix.conf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
 sudo kate /etc/dovecot/conf.d/10-dovecot-postfix.conf
and add the lines: 
protocol imap {
 ...
imap_client_workarounds = tb-extra-mailbox-sep
}
  • In Thunderbird, under 'Server Settings' -> Advanced, uncheck "Show only subscribed folders". (This may be optional).
  • While searching for server settings, the email client computer should not have outgoing ports 25, 567, 143, 993, 110, 995, and/or 465 blocked, or Thunderbird will not be able to connect automatically.

Create a Dovecot-compatible Maildir directory skeleton

This is a set of default folders that can later be copied for each user. Include the folders you think your users will use. (For additional tips, see the community Ubuntu Dovecot page.) Here is an example set: 

sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates


Single User Quick Setup

  • This method uses system user accounts for email accounts. It uses the same pamdb password file and authentication used for system users. It is useful (and quick and easy) if you only have one email domain and only a few users (for each of whom you don't mind creating a system account). An advantage is that it is trivial later to copy (or move) the user's Maildir folder to another location for backup (or migration) purposes.
  • Create a new user whose username (e.g. emailusername) will be the one you will use for email.
K menu -> System -> System Settings -> Advanced -> User management -> User Accounts -> New...
-> Details: Login Name: emailusername -> Ok -> Ok
  • I find it necessary to login once to the new user account for general housekeeping purposes such as ensuring the correct password. I make the password the same as the one I will use for the email account.
I then disable login for the new email user's account:
K menu -> System -> System Settings -> Advanced -> Login manager -> Users -> Excluded users: emailusername
I also disable membership in all secondary groups:
K menu -> System -> System Settings -> Advanced -> User management -> User accounts
-> emailusername -> Modify -> Privileges and Groups -> (untick all privileges and all groups except emailusername)
I then logout and do the remaining steps from the primary system user's account.
  • Copy the Maildir skeleton to the new user's folder: 
sudo cp -r /etc/skel/Maildir /home/emailusername/
sudo chown -R emailusername:emailusername /home/emailusername/Maildir
sudo chmod -R 770 /home/emailusername/Maildir
  • Edit the /etc/dovecot/dovecot.conf (and/or /etc/dovecot/conf.d/01-dovecot-postfix.conf and/or /etc/dovecot/dovecot-postfix.conf) file(s) so that the Maildir (mail spool) folder system is used on a per-user basis. Change the appropriate line to resemble: 
mail_location = maildir:/home/%u/Maildir

Testing

  • Reload Dovecot and Postfix: 
sudo /etc/init.d/dovecot restart
sudo /etc/init.d/postfix restart
  • Test that Postfix SMTP is running: 
telnet localhost 25
and 
telnet mail.mydomain.org 25
then test that Dovecot IMAP is running: 
telnet localhost imap2
and 
telnet mail.mydomain.org imap2
(for older versions of Dovecot, use telnet localhost imap)
  • Login (through imap) with the text-based email client Mutt: 
mutt -f imap://emailuser@mail.mydomain.org
  • Use Thunderbird to create a new IMAP email account for emailusername@mail.mydomain.org. Accept the self-signed certificates. (You may need to quit and restart Thunderbird again for the Maildir folders to register correctly.)
  • Before starting any troubleshooting efforts, try rebooting the entire system once. This will reload all configuration files.
  • This is all that is required for only a few users users on a small system. For multiple email domains and numerous users, however, managing authentication (passwords) and mailboxes will often require a method using virtual user files and/or a database solution such as PostgreSQL, MySQL, or LDAP.

Create a user for virtual mail

  • Note: this is only used with a virtual vmail account, as with LDAP or a database backend.
  • These steps are adapted from this tutorial.
  • Create a new user and group called vmail: 
sudo groupadd -g 5000 vmail
sudo useradd -g vmail -u 5000 vmail -d /var/vmail -m
  • Give the folders appropriate permissions: 
sudo chown -R vmail:vmail /var/vmail
sudo chmod u+w /var/vmail

Configure Postfix with Dovecot for use with a vmail folder

  • Note: this is only used with a virtual vmail account, as with LDAP or a database backend.
  • These steps are adapted from this tutorial.
  • Edit /etc/postfix/master.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/postfix/master.cf

and add the lines to the end: 

dovecot unix - n n - - pipe
 flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

(Note: the second line has to be indented by spaces.)

  • Edit /etc/postfix/main.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/postfix/main.cf

and add the lines: 

virtual_transport=dovecot
dovecot_destination_recipient_limit=1
  • Restart Postfix: 
sudo postfix reload

Install and set up a MySQL database

  • Note: Under construction (July 2007). Setting up a database backend is a big task and it is not working for me yet. This section is here as my personal reference only.
  • If you have not yet installed a LAMP (Linux, Apache, MySQL, PHP) server, do so now: 
sudo tasksel install lamp-server
sudo apt-get install dbconfig-common php5-cli

During the setup of the lamp-server, you will be prompted to establish a root superuser password for MySQL (e.g. rootmysqlpw). This is used many times (now and in the future), so it is important to record it in a handy place. When setting up dbconfig-common, for example, this password is requested. Also, clearly, you should choose Apache2 during the dbconfig-common prompts.

  • Install phpMyAdmin: 
sudo apt-get install phpmyadmin
  • Install the Postfix module for mysql: 
sudo apt-get install postfix-mysql
  • If there are dependency issues or problems, fix them: 
sudo apt-get install -f
  • Start phpMyAdmin:
Firefox -> http://localhost/phpmyadmin

(If using a remote system, substitute your domain name URL for localhost.)

-> Username: root -> Password: rootmysqlpw

  • Create a new mailserver MySQL database:

-> phpMyAdmin -> Create new database: mailserver -> Create

or merely from the command line: 

sudo mysqladmin -p create mailserver

(You will often be prompted once for your sudo password and then once again for the root MySQL superuser's password (e.g. rootmysqlpw).)

  • If you make a mistake and wish to delete the database and start over, use phpMyAdmin or the command: 
sudo mysqladmin -p DROP mailserver

(You will often be prompted once for your sudo password and then once again for the root MySQL superuser's password (e.g. rootmysqlpw).)

  • Further command-line options are presented here, but I will use phpMyAdmin in the remaining steps.
  • Create a less privileged user for use by the mailserver database.
phpMyAdmin -> Databases -> mailserver -> Privileges -> Add a new user -> User name: mailuser -> Host: Local
-> Password / Re-type: mailusersecretpw -> Data: Select (ticked) -> Administration: Grant (ticked) -> Go
  • Create a table for the list of virtual domains:
phpMyAdmin -> Databases -> mailserver -> Create a new table on database mailserver: Name: virtual_domains
-> Number of fields: 2 -> Go
-> Field: id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Index: PRIMARY -> AUTO_INCREMENT (ticked)
-> Field: name -> Type: VARCHAR -> Length/Value: 50 -> Collation: utf8_unicode_ci
-> Storage Engine: InnoDB -> Collation: utf8_unicode_ci -> Save
  • Create a table for the user accounts:
phpMyAdmin -> Databases -> mailserver -> Create a new table on database mailserver: Name: virtual_users
-> Number of fields: 4 -> Go
-> Field: id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Index: PRIMARY -> AUTO_INCREMENT (ticked)
-> Field: domain_id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Field: password -> Type: VARCHAR -> Length/Value: 32 -> Collation: utf8_unicode_ci
-> Field: email -> Type: VARCHAR -> Length/Value: 100 -> Collation: utf8_unicode_ci
-> Index: UNIQUE
-> Storage Engine: InnoDB -> Collation: utf8_unicode_ci -> Save
-> domain_id: (ticked) -> Action: Index (Icon) -> Relation view -> domain_id: FOREIGN KEY (INNODB): mailserver.virtual_domains.id
-> ON DELETE: CASCADE
  • Create a table for the aliases 9for forwarding emails from one account to the other):
phpMyAdmin -> Databases -> mailserver -> Create a new table on database mailserver: Name: virtual_aliases
-> Number of fields: 4 -> Go
-> Field: id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Index: PRIMARY -> AUTO_INCREMENT (ticked)
-> Field: domain_id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Field: source -> Type: VARCHAR -> Length/Value: 100 -> Collation: utf8_unicode_ci
-> Field: destination -> Type: VARCHAR -> Length/Value: 100 -> Collation: utf8_unicode_ci
-> Storage Engine: InnoDB -> Collation: utf8_unicode_ci -> Save
-> domain_id: (ticked) -> Action: Index (Icon) -> Relation view -> domain_id: FOREIGN KEY (INNODB): mailserver.virtual_domains.id
-> ON DELETE: CASCADE
  • (Optional) Populate the database with test data, to be used later for testing purposes. 
sudo mysql -p

then enter your root superuser MySQL password (e.g. rootmysqlpw). 

   INSERT INTO `mailserver`.`virtual_domains` (
     `id` ,
     `name`
   )
   VALUES (
     '1', 'example.org'
   );

   INSERT INTO `mailserver`.`virtual_users` (
     `id` ,
     `domain_id` ,
     `password` ,
     `email`
   )
   VALUES (
     '1', '1', MD5( 'summersun' ) , 'john@example.org'
   );

   INSERT INTO `mailserver`.`virtual_aliases` (
     `id`,
     `domain_id`,
     `source`,
     `destination`
   )
   VALUES (
     '1', '1', 'jack@example.org', 'john@example.org'
   );

quit

Configure Postfix to be used with the MySQL database

  • Note: Under construction (July 2007). Setting up a database backend is a big task and it is not working for me yet. This section is here as my personal reference only.
  • These steps are adapted from this tutorial. More options are there.
  • Create a file /etc/postfix/mysql-virtual-mailbox-domains.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/postfix/mysql-virtual-mailbox-domains.cf

and add the lines (to match those created in the previous section): 

user = mailuser
password = mailusersecretpw
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_domains WHERE name='%s'
  • Add the virtual_mailbox_domains configuration file to Postfix: 
sudo postconf -e virtual_mailbox_domains=mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
  • Test the query (assuming you added the sample in the preceding section): 
postmap -q example.org mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf

The value "1" should be returned.

  • Create a file /etc/postfix/mysql-virtual-mailbox-maps.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/postfix/mysql-virtual-mailbox-maps.cf

and add the lines (to match those created in the previous section): 

user = mailuser
password = mailusersecretpw
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_users WHERE email='%s'
  • Add the virtual_mailbox_domains configuration file to Postfix: 
sudo postconf -e virtual_mailbox_maps=mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
  • Test the query (assuming you added the sample in the preceding section): 
postmap -q john@example.org mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

The value "1" should be returned.

  • Create a file /etc/postfix/mysql-virtual-alias-maps.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/postfix/mysql-virtual-alias-maps.cf

and add the lines (to match those created in the previous section): 

user = mailuser
password = mailusersecretpw
hosts = 127.0.0.1
dbname = mailserver
query = SELECT destination FROM virtual_aliases WHERE source='%s'
  • Add the virtual_mailbox_domains configuration file to Postfix: 
sudo postconf -e virtual_alias_maps=mysql:/etc/postfix/mysql-virtual-alias-maps.cf
  • Test the query (assuming you added the sample in the preceding section): 
postmap -q jack@example.org mysql:/etc/postfix/mysql-virtual-alias-maps.cf

The value "john@example.org" should be returned.

Configure Dovecot to be used with the MySQL database

  • Note: Under construction (July 2007). Setting up a database backend is a big task and it is not working for me yet. This section is here as my personal reference only.
  • These steps are adapted from this tutorial.
  • Edit the Dovecot configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/dovecot/dovecot.conf
  • Comment (add a # to) the lines: 
passdb pam {
}
  • Uncomment (remove the # from) the lines: 
passdb sql {
 args = /etc/dovecot/dovecot-sql.conf
}

which tells Dovecot that the passwords are stored in an SQL database and add: 

userdb static {
 args = uid=5000 gid=5000 home=/var/vmail/%d/%n/Maildir allow_all_users=yes
}

to tell Dovecot where the mailboxes are located.

  • Change the socket listen section to resemble: 
socket listen {
   master {
       path = /var/run/dovecot/auth-master
       mode = 0600
       user = vmail
   }

   client {
       path = /var/spool/postfix/private/auth
       mode = 0660
       user = postfix
       group = postfix
   }
}
  • Change the protocol lda section to resemble: 
protocol lda {
   auth_socket_path = /var/run/dovecot/auth-master
   postmaster_address = postmaster@mydomain.org
   mail_plugins = sieve
   log_path =
}
  • Edit the /etc/dovecot/dovecot-sql.conf file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/dovecot/dovecot-sql.conf

and change these settings: 

driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=mailusersecretpw
default_pass_scheme = PLAIN-MD5
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
  • Restart Dovecot. 
sudo /etc/init.d/dovecot restart

Adding virtual domains and users to a MySQL database

  • Note: Under construction (July 2007). Setting up a database backend is a big task and it is not working for me yet. This section is here as my personal reference only.
  • (Optional) Populate the database with test data, to be used later for testing purposes. 
sudo mysql -p

then enter your root superuser MySQL password (e.g. rootmysqlpw). 

   INSERT INTO `mailserver`.`virtual_domains` (
     `id` ,
     `name`
   )
   VALUES (
     '1', 'example.org'
   );

   INSERT INTO `mailserver`.`virtual_users` (
     `id` ,
     `domain_id` ,
     `password` ,
     `email`
   )
   VALUES (
     '1', '1', MD5( 'summersun' ) , 'john@example.org'
   );

   INSERT INTO `mailserver`.`virtual_aliases` (
     `id`,
     `domain_id`,
     `source`,
     `destination`
   )
   VALUES (
     '1', '1', 'jack@example.org', 'john@example.org'
   );

quit

Install and set up an LDAP server

  • Note: Under construction (July 2007). Setting up LDAP is a big task and it is not working for me yet. This section is here as my personal reference only.
  • For an introduction to LDAP see the Ubuntu Server 10.04 OpenLDAP section and the community Ubuntu OpenLDAP section.
  • Install the OpenLDAP server: 
sudo apt-get install slapd ldap-utils
  • Install additional modules: 
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
  • Create a backend LDIF file by copying the following example LDIF file, naming it backend.mydomain.org.ldif, somewhere on your system (e.g. to the /etc/ldap folder) (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/ldap/backend.mydomain.org.ldif

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=mydomain,dc=org
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=mydomain,dc=org
olcRootPW: secretldapadminpw
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=mydomain,dc=org" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=mydomain,dc=org" write by * read

Note: Change olcRootPW: secretldapadminpw to a password of your choosing, and of course, mydomain and org to match your own domain name. There must be a blank line after "olcModuleload: back_hdb".

Add the backend file to the directory: 

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/backend.mydomain.org.ldif
  • Create a frontend LDIF file by copying the following example LDIF file, naming it frontend.mydomain.org.ldif, somewhere on your system (e.g. to the /etc/ldap folder) (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/ldap/frontend.mydomain.org.ldif

# Create top-level object in domain
dn: dc=mydomain,dc=org
objectClass: top
objectClass: dcObject
objectclass: organization
o: Mydomain Organization
dc: Mydomain
description: LDAP Mydomain

# Admin user.
dn: cn=admin,dc=mydomain,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secretldapadminpw

dn: ou=people,dc=mydomain,dc=org
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=mydomain,dc=org
objectClass: organizationalUnit
ou: groups

dn: uid=john,ou=people,dc=mydomain,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 1000
gidNumber: 10000
userPassword: jd_userpassword
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: john.doe@mydomain.org
postalCode: 31000
l: Toulouse
o: Mydomain
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress: 
initials: JD

dn: cn=mydomain,ou=groups,dc=mydomain,dc=org
objectClass: posixGroup
cn: mydomain
gidNumber: 10000

Note: Change userPassword: secretldapadminpw and userPassword: jd_userpassword to passwords of your choosing, and of course, mydomain and org to match your own domain name. Maintain the blank lines.

Add the frontend file to the directory: 

sudo ldapadd -x -D cn=admin,dc=mydomain,dc=org -W -f /etc/ldap/frontend.mydomain.org.ldif

Set up Postfix with LDAP

  • Note: Under construction (July 2007). Setting up LDAP is a big task and it is not working for me yet. This section is here as my personal reference only.
  • You can use many different methods for user authentication, including MySQL and PostgreSQL databases. Using LDAP is only one of the methods available.
  • Install the postfix-ldap package: 
sudo apt-get install postfix-ldap

Set up Dovecot with LDAP

  • Note: Under construction (July 2007). Setting up LDAP is a big task and it is not working for me yet. This section is here as my personal reference only.
  • Also see these community Ubuntu tips.
  • Make sure your LDAP server host (e.g. ldap.mydomain.org) is registered with your MasterBlaster DNS registrar.
  • Edit the etc/dovecot/dovecot-ldap.conf configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate etc/dovecot/dovecot-ldap.conf
  • Set the host(s) of the LDAP server(s) (port 389 is the LDAP default and can be omitted): 
hosts = ldap.mydomain.org:389
  • Set TLS to yes: 
tls = yes
  • Set the LDAP version: 
ldap_version = 3

Moving Maildir directories

  • Maildir directories can be moved from one server to another, but it is tricky. The subfolders are designated as hidden files and hidden files must be moved separately (they are not included in routine copies). 
/Maildir/.Drafts
/Maildir/.Sent
/Maildir/.Trash
/Maildir/.Templates

Therefore, to copy a Maildir directory requires 2 commands: 

sudo cp -pr /oldpath/Maildir/* /newpath/Maildir/
sudo cp -pr /oldpath/Maildir/.* /newpath/Maildir/

In this the -p designates to maintain permissions, and -r means recursive copying.

The problem is that the permissions from one server to the next may not match, and it may become necessary to open all the permissions: 

sudo chmod 777 -R newpath/Maildir/*
sudo chmod 777 -R newpath/Maildir/.*

If you can sort out the permissions required by your server (which may require root permissions, postfix permissions, user permissions, or vmail virtual user permissions depending on your setup) then do so, but until you are certain that everything else works, it is easiest to open all permissions initially and then tighten them secondarily.

Once I determined the correct user (e.g. emailuser, root, postfix, or vmail, depending on the system) I then changed the owner to the correct owner (chown user:user) and chmod to 700 for all the Maildir directories.

Also be aware that most USB/Flash/Thumb drives are formatted as FAT32 and will not maintain file permissions. Using them as copying media will not work (unless they are re-formatted to ext3 or ext4). It is also tricky to maintain file permissions when using NFS or SMB networked folders, since root permissions (root squashing) are disabled by default and recent protocols do not easily permit the "no_root_squash" function. It is easiest to use direct (or rsync) copying, or to copy to a (non-formatted) CD/DVD as an intermediate medium.

Also, email files in Maildir folders are designated with the name of the original server. When moving to a new server, it may be necessary to include the name of the old server as a destination in the Postfix main.cf configuration file: 

mydestination = oldserver.oldomain.org, newserver.newdomain.org

Other Resources

Tor

Tor is a project to allow privacy while using the Internet and to limit usage tracking. It routes your traffic through several anonymous nodes, so that your usage appears to come from an IP other than your own. (There are always risks when using the Internet that even Tor can not help with, though. Read this.) Using Tor can slow down your Internet usage significantly, depending on how much traffic is being passed through the Tor network (routine file-sharing or large downloads will also significantly reduce performance of the Tor network.)

Install Tor (Network privacy)

  • Install Tor by following the instructions here. Note that the instructions require port 11371 on your firewall to be open to use the gpg keyserver (and download the key for the debian package). Then see the Tor installation guide for details. In general: 
sudo apt-get install tor
  • Tor can be run in its default configuration from the command-line (or from a menu item with the "Advanced -> Run in terminal" box ticked): 
tor
A separate menu item can be created to reliably shutdown Tor: 
sudo killall tor
  • By default Tor listens for socks traffic on port 9050. In general, applications (including proxies) should send socks traffic to Tor over this port.
  • I don't like Tor to automatically start at boot, so I edit the /etc/tor/torrc configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/tor/torrc
and change the line so it looks like: 
#RunAsDaemon 1
RunAsDaemon 0
then restart Tor: 
sudo /etc/init.d/tor restart

Torbutton (Firefox plug-in)

Once Tor is installed and running properly, Torbutton allows you to choose whether to use Firefox through the Tor anonymizing network or not. Install the .xpi extension directly from the website.

  • The standalone Torbutton add-on for Firefox disables many functions of Firefox, such as the Drag and Drop function. It must therefore be disabled (Firefox -> Tools -> Add-ons -> Extensions -> Torbutton -> Disable) while using many of these Firefox functions.

Instead of the standalone Torbutton, the Tor Project recommends using the Tor Browser Bundle (Tor, Vidalia GUI, a modified version of Firefox, and Torbutton) for greater functionality and security.

Tor Browser Bundle

The Tor Browser Bundle (Tor, Vidalia GUI, a modified version of Firefox, and Torbutton) provides greater functionality and security than the stock Firefox version with the standalone Torbutton. Install from here the version for your language and unpack it. For example: 

wget https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-x86_64-2.2.35-12-dev-en-US.tar.gz
tar -xvzf tor-browser-gnu-linux-x86_64-2.2.35-12-dev-en-US.tar.gz

Then change to the extracted directory and start the Tor Browser Bundle: 

cd tor-browser_en-US
./start-tor-browser

A menu item can also be created with the command to start it.

Using proxies with Tor

usewithtor

  • If you installed a recent version of Tor from the repositories, you will have installed the "usewithtor" package. A number of applications can be automatically redirected to the Torsocks proxy (torsocks) with this utility: 
usewithtor myapplication

A menu item with such a command can then be created.

  • By using torsocks, usewithtor will also block an application from sending UDP traffic (which is not anonymized by the Tor network).
  • Applications that you wish to "usewithtor" (with torsocks) or "torify" (with tsocks) should use port 8118 for the http proxy port and port 9050 for the socks port.

torify

  • Another method is to "torify" an application with a different tor socks proxy (tsocks) if tsocks has been configured (edit /etc/tor/tor-tsocks.conf). 
torify myapplication
  • tsocks does not explictly block UDP traffic, so if it is desirable to allow UDP traffic while anonymizing fttp traffic, use this method.

Privoxy

  • I use the Privoxy proxy to tunnel http traffic through Tor. Install the Privoxy http proxy: 
sudo apt-get install privoxy
  • Applications can be set to send their http traffic to Privoxy over port 8118; Privoxy will then in turn forward the http traffic to Tor over port 9050. (Use an IP address other than 127.0.0.1 if Privoxy and/or Tor are not on the local machine. Use localhost instead of 127.0.0.1 if using IPv6 addressing on your systems).

Note: For some older versions of Privoxy, users have reported better success designating the address of the host computer as 127.0.0.1 instead of localhost in the configuration settings.

  • Edit configuration files.
  • In the configuration file Privoxy is configured by default to listen on port 127.0.0.1:8118. See Firewall considerations. Edit the Privoxy configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/privoxy/config
Add the lines 
forward-socks5 / 127.0.0.1:9050 .
forward-socks4a / 127.0.0.1:9050 .

Note: socks5 allows more authentication choices, UDP for external DNS resolution, and accommodates IPv6. (By including both lines, socks4a is used as a fallback if a program does not support socks5.)

  • Restart Privoxy: 
sudo /etc/init.d/privoxy restart

Other proxies

Other proxies such as socat, Polipo can also be used with Tor instead or Privoxy. Squid can also be daisy-chained to one of the proxies.

Ensuring applications use the proxy

  • See this advice. (Note: this is labeled as "old advice.") In (K)Ubuntu, the bash configuration files are at ~/.profile (i.e. /home/user/.profile) for the current user or at /etc/profile for system-wide usage. Using this advice, edit one of those two files and add the lines at the end of the file: 
http_proxy=http://127.0.0.1:8118/
HTTP_PROXY=$http_proxy
export http_proxy HTTP_PROXY

Using specific applications with Tor

  • Torchat can be used for IM through Tor. Install: 
sudo apt-get install torchat
  • Other applications may allow for the http proxy and the chainloaded socks services of Tor to be used independently (in parallel). Once Tor (and the relevant proxy or proxies) are running, the http proxy 127.0.0.1:8118 and the socks proxy 127.0.0.1:9050 can be specified in the configuration settings of an application that allows for this.

Tor GUIs

  • It is not necessary to use a GUI with Tor.
  • If you will use Tor with a GUI interface (such as Vidalia or TorK), however, edit the Tor configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/tor/torrc
  • Add the line so that the GUI interface can control Tor over port 9051: 
ControlPort 9051
Note: There is some concern that allowing control of Tor over port 9051 is not secure. If you will not be using a GUI, this step is not advised.

Vidalia (Tor interface)

Vidalia is the recommended Qt4-based GUI frontend for Tor. If not installed with Tor, install: 

sudo apt-get install vidalia

Tork (KDE Tor interface)

TorK is a KDE interface for Tor that relied on the older Qt3 platform. It is no longer included in the (K)Ubuntu repositories (as of Natty 11.04). However, if desired it can still be installed (along with the required older Qt3 libraries) by adding the Maverick repository (directly or using a package manager): 

deb http://ubuntu.mirror.cambrium.nl/ubuntu/ maverick main universe
  • Installing TorK also will install privoxy and unless you have also added the Tor repository directly, will also install an older version of Tor from the Ubuntu universe repositories. See these installation tips. Install: 
sudo apt-get install tork privoxy
  • Run TorK (K menu -> Internet -> TorK Anonymity Manager) for the first time using the First Run Wizard (TorK -> Tools -> First Run Wizard).
"No, tor is going to run on this PC" then "I have to start Tor manually" then "Run A Tor client with default settings" then "I want to use Privoxy..." then "Privoxy starts in the background when my computer boots up" then go through the remaining options.
I then start ("Play") TorK as a Client. I happen to like Konqueror for Anonymous browsing, since it worked the first time for me without a problem. I keep Firefox for non-Tor browsing (so I don't have to change any of its settings) or install Torbutton (see below). You may have to fiddle with your Network proxy settings in Konqueror or Firefox (if things don't work the way you expect them to).
  • Allow the Firewall (like Firestarter) to allow ports 8118, 9050, 9051, or just turn off the firewall completely, until everything is working. Then turn the firewall back on. (You should monitor your firewall carefully. TorK has settings to automatically turn it off, if you aren't careful.) No ports are required to be left open in the firewall for Tor to work, as all traffic will be directed through the socks port 9050 (which avoids the firewall).
  • Applications that you wish to "torify" (with tsocks) or "usewithtor" (with torsocks) should use port 8118 (i.e. 127.0.0.1:8118) for the http proxy and port 9050 (127.0.0.1:9050) for the socks port.
  • Once configured as a client successfully, if you have the bandwidth and a stable environment please enable the client/relay mode and/or server mode so that the Tor bandwidth is increased.
  • Note: Tork constantly monitors the network (both Tor and non-Tor traffic). This can cause slowing of the Tor traffic from your computer and even cause intermittent interruptions. (Tor runs in the background and does not require Tork to be running as a control module.) If Tor is running in a stable mode, it will be faster (and less problematic) to stop Tork (sudo killall tork) and allow Tor to run in the background.
  • Note: Traffic that is routed through Privoxy (and then presumably to Tor from Privoxy if configured correctly) will be logged as "non-Tor" traffic by Tork. As long as Privoxy is working correctly, however, this traffic is being forwarded through the Tor socket.
  • Tork does not start Privoxy properly. Privoxy must be started (prior to starting Tork) as a startup program (e.g. using the Bootup-Manager) or manually with the command: 
sudo /etc/init.d/privoxy start

Prevent autostart of proxies and Tor

  • Whenever I stopped the TorK GUI and then later wanted to start it again, I had to manually kill the Privoxy and Tor processes first. 
sudo killall privoxy
sudo killall tor
  • Further, Tor, Privoxy, and Polipo install themselves as automatically started services at bootup. Preventing automatic startup (at boot) of Tor and Privoxy (and/or Polipo) can be accomplished by one of the methods in this Ubuntu Forums thread. Personally, I like using Bootup-Manager: 
sudo apt-get install bum
but another option is: 
sudo update-rc.d tor disable
sudo update-rc.d privoxy disable
sudo update-rc.d polipo disable

which will also stop updates from re-installing the applications as startup services when updates are made.

  • If Privoxy is stopped, it must be re-started with the Bootup-Manager or using the command: 
sudo /etc/init.d/privoxy start

Firewall considerations

Single computer

If you have the Tor client, the proxy client (Privoxy, Polipo, or socat), and the browser client (or other application) on the same computer, you do not need to have any open ports in order to use Tor. In such a circumstance it is safest to block all ports that connect to the Internet. The socks proxy bypasses the firewall entirely (so there is no need to leave any ports open in order for it to communicate).

By closing all ports (using a firewall), applications will be prevented from bypassing Tor (accidentally or unknowingly). Later, if you wish to have some of your traffic directed through Tor and some of your traffic traffic routed outside of Tor, you can open the ports for the traffic that will not go through Tor.

Proxy on LAN

If the proxy (Privoxy, Polipo, socat, etc.) on your LAN is on a computer different from the computer(s) that have the end-user client applications, it is best to open the port (e.g. 8118) for communication only between computers on the LAN (with the end-application clients on them) and the computer on the LAN with the proxy on it. Port 8118 should then not be open to the Internet but only to the computers on the LAN that will use the proxy.

If the Proxy and Tor client are on different computers as well, port 9050 should be open (on the LAN, not on the Internet) between the computer with the Proxy and the computer with the Tor client only, so that the Proxy can forward traffic to the Tor client (but not to the Internet). (Obviously, if the Proxy and the Tor client are on the same computer, there is no need to open the 9050 port at all.)

Blocking all non-Tor traffic using iptables

To ensure that no unprotected traffic "leaks" from applications without your knowledge, it is possible to configure your firewall iptables to prevent all traffic except that which is transmitted through Tor.

Tor network initialization

It may be necessary to open port 443 (or less desirably port 80) to allow resolution of the nodes of the Tor network. Consider using DNS privacy methods.

Troubleshooting

  • Some routers (including a certain version of the Linksys WRT54G) slow down when the incoming/outgoing connection log (cache) becomes full (which can happen with many Tor or P2P connections). Disable the Log if this problem occurs.
  • Although applicable to p2p traffic, this information is generically applicable to Tor as well.

Other resources

  • OnionCat transmits IP-based data transparently through the Tor network on a location hidden basis.

Similar networks:

Remastersys

Note: As of 10-2011 the developer of Remastersys has stopped development and no longer distributes this software. These instructions are for reference of legacy users of Remastersys only.

Install Remastersys

Remastersys is available from Sourceforge. (If using a repository installation from another source (not recommended), note that the (Launchpad) repositories have versions that are different for Jaunty (and earlier) than the ones used for Karmic and later.)

  • Obtain the .deb file from Sourceforge and install: 
wget http://sourceforge.net/projects/remastersys/files/remastersys-ubuntu-karmic-lucid-maverick/remastersys_2.0.18-1_all.deb
sudo dpkg -i remastersys_2.0.18-1_all.deb

Create a custom distribution

  • Remastersys copies all your settings exactly as they are set up in your system, except for proprietary display drivers (and other proprietary hardware drivers). Therefore, customize your distribution to your liking first, using a single user. (It is recommended to keep an installation to less than 2 GB if you wish the remastered distro to fit on a CD. If you intend to use DVDs, it can be larger.)

The custom distribution (dist) option does not retain any files in the /home directory (nor even any users). A new user must be created upon installation from the custom disc. Therefore, do not include any critical files or functions that require a user to be retained. (If you do, use the backup option instead).

  • Once it is perfected, write the distribution to an .iso (for burning onto a distributable CD (or DVD)): 
sudo remastersys dist
Menu -> Multimedia -> K3b CD & DVD Burning -> Tools -> Burn DVD ISO Image...
-> Image to Burn: /home/resmastersys/remastersys/customdist.iso
-> Start -> Default Settings
Note: an MD5 sum will be calculated and displayed, which can be recorded (on the disk, for example) for later verification.
  • Clean the temporary files (if the disc burned and works correctly): 
sudo remasterys clean

Create a system backup

This method allows you to backup a multiple-user system using any privileged user, and retains the user files and settings. 

sudo remastersys backup

Using the Remastersys GUI

A GUI is available (after installation of the Remastersys package):

Menu -> System -> Remastersys Backup

Edit Remastersys configuration file

Choose the settings for the custom distro: 

sudo nano /etc/remastersys.conf

Troubleshooting

  • See this page regarding Remastersys limitations. For example, no single file can be 4 Gb or larger in size; only gdm or kdm can be used as login managers; and all included packages must be available in the Ubuntu repositories.

Dynamic IP servers

I happen to like the DynDNS service because they are one of the oldest (and have free services available). The examples use this service, but there are other services that can be used with similar setups.

Single URL and a DynDNS-capable router

My router happens to have a built-in updater for DynDNS (and for TZO). In the DDNS section of the router configuration, I can set the name of a single URL I have registered with DynDNS (or TZO), along with the username and password I have previously set up at DynDNS.com. The router does the rest automatically for me. If you are using a single URL and have a similar router capability, then this will be the easiest setup by far. First register for a username (with password) at DynDNS (or TZO) and set the URL name there that the server on your host will use. Then input the information into your router's configuration page. The router will do the rest.

Multiple URLs

I use multiple URLs because I run multiple webservers from my host computer. However, the router I currently use only allows me to update one of the URLs. I therefore need an updater program in order to update all of the URLs at the same time.

ddclient

ddclient is a perl-based client that updates the DynDNS (or other dynamic IP DNS service) database to keep track of your host computer's changing dynamic IP address. DynDNS is a public DNS server, and will match your URL name to whichever (current) dynamic IP address that the ddclient sends to DynDNS. Setup will be easiest if you register for a username/password at DynDNS.com (or other dynamic IP DNS service) and set up your desired URLs there, first. Then install the updater client program: 

sudo apt-get install ddclient
If this is the first time you have installed ddclient, you will be prompted for the URL(s) you registered with DynDNS.com (or other dynamic IP DNS service). You will also be prompted for the username/password your registered with DynDNS.com. Lastly, you will be asked which ethernet port your primarily use to connect to the Internet (eth0 for wired, wlan0 for wireless, usually).

The system will function with no further setup if you input the variables correctly. See this DynDNS page for instructions on additional customizations available for use with DynDNS.

Edit ddclient configuration

  • Edit the ddclient configuration file (use kate instead of nano in Kubuntu, or gedit instead of nano in Ubuntu): 
sudo nano /etc/ddclient.conf
  • To set the number of seconds between updates, I add the line 
daemon=3600
My dynamic IP only changes rarely, so I only check it hourly (3600 seconds in an hour).
  • To use secure SSL communications, I add the line 
ssl=yes
  • To use the DynDNS checkip service (which will autodetect your current IP address), I add the line 
use=web, web=checkip.dyndns.com/, web-skip='IP Address'

My configuration file now looks like: 

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
#
# Check the current IP address. Either check the eth0 port for its current IP address (can't be used on a LAN),
# or use the DynDNS IP checking service.
daemon=3600
pid=/var/run/ddclient.pid
#use=if, if=eth0
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
#
# Login and change the values at the DynDNS site, using SSL.
protocol=dyndns2
ssl=yes
server=members.dyndns.org
login=myDynDNSusername
password=' myDynDNSuserpassword '
mysite_1.dynds.org,mysite_2.dyndns.org,mysite_3.dyndns.org
Note that the password must be enclosed in quotation marks, e.g 'myDynDNSuserpassword' for DynDNS.
  • Ensure that the configuration is working: 
sudo ddclient -daemon=0 -debug -verbose -noquiet
  • Note that you can add additional services and/or domain names to be updated simply by adding an additional block to the configuration file (appropriate for the service). Here is an example (see below for references to additional examples). 
protocol=otherDDNSservice
server=whatever.ddnsservice.org
login=MyOtherDDNSserviceusername
password=MyOtherDDNSservicepassword
mysite4.dnsservice.org, mysite5.dnsservice.org
Run ddclient using cron

Cron is the automatic task scheduler for Linux systems. Although ddclient runs as a daemon, for various reasons I have found it necessary to force an update at least once a day. This can be done as a daily scheduled task, using cron.

  • Edit the crontab with administrative (root) privileges: 
sudo crontab -e
  • Add the line: 
45 04 * * * /etc/init.d/ddclient --force

This will run ddclient and force an update daily at 0400 (actually at 04:45). See here for a full description of cron and its options or Ubuntu Community Help.

Other DDNS services

  • Choose a Dynamic DNS Registrar that is reputable and whom you trust. A Dynamic DNS provider is able to redirect your server traffic to an anonymous IP address by using a type of "man-in-the-middle" redirection (and thereby potentially could intercept your communications). This can be an obvious security risk. Always use SSL/TLS and/or SASL authentication with security certificates, and be sure to encrypt any email that has confidential information in it.

Redirecting a URL

Most free Dynamic DNS providers allow only 1 or 2 free URLs, and they usually include the domain name of the provider itself. For example, DynDNS domains are often of the format mydomain.dyndns.org or something similar.

If you have registered a URL with a different DNS registrar, it can be forwarded to the free URL created at the dynamic DNS provider. (The Dynamic DNS providers (e.g. DynDNS) hope that you will register your URL with them, of course, so that they can make money.)

The dynamic domain URL (e.g. mydomain.dyndns.org) points to the numeric IP address of your location (router/computer). When traffic is routed to this dynamic domain URL, it is then re-rerouted to the correct numeric IP address. This can be a transparent process and, if desired, it is not necessary to reference the dynamic URL except in the forwarding rules from the original DNS registrar to the Dynamic DNS registrar (e.g. DynDNS).

Using forwarding rules, an infinite number of URLs can be forwarded to a single dynamic URL. The primary host that resides at the destination IP address must then resolve the forwarded URLs (using virtual host or .htaccess files) and direct them to the appropriate server on the computer (or LAN).

CNAME aliases

Different DNS registrars have different methods of forwarding a URL, but in general there is one method common to all of them: CNAME aliases.

If you have a URL registered with a DNS registrar, go to the DNS settings for your domain name. Delete any A records (or other entries) and use only CNAME entries.

For example, let's say my free Dynamic DNS URL is mydomain.dyndns.org (at DynDNS.com). My domain URL is mydomain.me, registered at SuperDuper DNS Registrar.

Logging into SuperDuper DNS Registrar, I edit the DNS settings for mydomain.me (which in my control panel is found under Manage DNS). I make sure I have these entries: 

Name Type Content
@ CNAME mydomain.dyndns.org.
www CNAME mydomain.dyndns.org.

The period ("full stop") at the end of the URL is important to designate that the CNAME is a FQDN (fully qualified domain name). A CNAME should not have "http://" in it. The @ symbol indicates a URL name without the first segment, e.g. the URL mydomain.me by itself.

Using CNAME aliasing, the original URL is retained in the browser. It is up to you (using virtual host files or Rewrite rules in the .htaccess files of Apache, for example) if you wish to massage the URL at your server (to change it to a canonical name) or redirect it.

URL forwarding

Some domain name registrars have a URL forwarding option. The method of implementation varies from provider to provider, however, and (depending on the DNS registrar) is often not as reliable as CNAME aliases. URL forwarding may be enabled using a DNS setting (similar to a CNAME alias) such as "URL redirect" or it may be in the form of a "Web forwarding" service. Check with your DNS registrar for specific instructions.

Examples

Multiple domain name URLs, single Dynamic URL

I have 3 servers on my host, each using a different domain name:

  • mysite_1.mydomain.org is registered at MasterBlaster DNS Registrar.
  • mysite_2.mydomain.org is registered at MasterBlaster DNS Registrar.
  • mysite_3.myotherdomain.me is registered at Felix DNS Registrar. This site can also be accessed as myotherdomain.me and www.myotherdomain.me.

I registered a free Dynamic URL at DynDNS and using ddclient make sure it is forwarded to my dynamic IP address (using the instructions above):

  • bagoftricks.dyndns.org

At MasterBlaster DNS Registrar I set up CNAME forwarding for mydomain.org: 

Name Type Content
mysite_1 CNAME bagoftricks.dyndns.org.
mysite_2 CNAME bagoftricks.dyndns.org.

At Felix DNS Registrar I set up CNAME forwarding for myotherdomain.me: 

Name Type Content
@ CNAME bagoftricks.dyndns.org.
www CNAME bagoftricks.dyndns.org.
mysite_3 CNAME bagoftricks.dyndns.org.

On the host computer on my LAN to which incoming port 80 and 443 traffic is initially directed (by the router), I use Apache virtual host files for each of the incoming URLs.

  • For example, mysite_3.myotherdomain.me is a MediaWiki website stored at /etc/mediawiki/mysite_3. There is a symbolic link from /var/www/MySite_3 to /etc/mediawiki/mysite_3, which was created: 
sudo ln -s /etc/mediawiki/mysite_3 /var/www/MySite_3

A virtual host configuration file named MySite3 was then created in /etc/apache2/sites-available (use gedit instead of kate in Ubuntu): 

sudo kate /etc/apache2/sites-available/MySite3

and the settings created: 

<VirtualHost *:80>
#
UseCanonicalName off
#
DocumentRoot /var/www/MySite_3
DirectoryIndex index.php index.html
#
ServerName mysite3.myotherdomain.me
## We want to be able to access the web site using foobar1.dyndns.org or www.foobar1.dyndns.org
ServerAlias  www.myotherdomain.me myotherdomain.me  
ServerAdmin webmaster@localhost
#
RewriteEngine On
#
<Directory /var/www/MySite_3>
 Options Indexes FollowSymLinks MultiViews
 Options FollowSymLinks MultiViews
 # AllowOverride None
 Order allow,deny
 allow from all
</Directory>
#
</VirtualHost>
The virtual host file was made active and Apache restarted: 
sudo ln -s /etc/apache2/sites-available/MySite3 /etc/apache2/sites-enabled/MySite3
sudo /etc/init.d/apache2 restart
  • Mysite_1 is a Drupal6 website stored at /etc/drupal/6/sites/mysite_1.mydomain.org. There is a symbolic link from /etc/drupal/6/sites/mysite_1.mydomain.org to /var/www/MySite_1, which was created: 
sudo ln -s /etc/drupal/6/sites/mysite_1.mydomain.org /var/www/MySite_1

A virtual host configuration file named MySite1 was then created in /etc/apache2/sites-available (use gedit instead of kate in Ubuntu): 

sudo kate /etc/apache2/sites-available/MySite1

and the settings created: 

<VirtualHost *:80>
#
UseCanonicalName off
#
DocumentRoot /var/www/MySite_1
DirectoryIndex index.php index.html
#
ServerName mysite_1.mydomain.org
## We want to be able to access the web site using foobar1.dyndns.org or www.foobar1.dyndns.org
ServerAlias  mysite_1.mydomain.org  
ServerAdmin webmaster@localhost
#
RewriteEngine On
#
<Directory /var/www/MySite_1>
 Options Indexes FollowSymLinks MultiViews
 Options FollowSymLinks MultiViews
 # AllowOverride None
 Order allow,deny
 allow from all
</Directory>
#
</VirtualHost>
The virtual host file was made active and Apache restarted: 
sudo ln -s /etc/apache2/sites-available/MySite1 /etc/apache2/sites-enabled/MySite1
sudo /etc/init.d/apache2 restart
  • Similarly, Mysite_2 is a MediaWiki website stored at /etc/mediawiki/mysite_2. There is a symbolic link from /etc/mediawiki/mysite_2 to /var/www/MySite_2, which was created: 
sudo ln -s /etc/mediawiki/mysite_2 /var/www/MySite_2

A virtual host configuration file named MySite2 was then created in /etc/apache2/sites-available (use gedit instead of kate in Ubuntu): 

sudo kate /etc/apache2/sites-available/MySite2

and the settings created: 

<VirtualHost *:80>
#
UseCanonicalName off
#
DocumentRoot /var/www/MySite_2
DirectoryIndex index.php index.html
#
ServerName mysite_2.mydomain.org
## We want to be able to access the web site using foobar1.dyndns.org or www.foobar1.dyndns.org
ServerAlias  mysite_2.mydomain.org  
ServerAdmin webmaster@localhost
#
RewriteEngine On
#
<Directory /var/www/MySite_2>
 Options Indexes FollowSymLinks MultiViews
 Options FollowSymLinks MultiViews
 # AllowOverride None
 Order allow,deny
 allow from all
</Directory>
#
</VirtualHost>
The virtual host file was made active and Apache restarted: 
sudo ln -s /etc/apache2/sites-available/MySite2 /etc/apache2/sites-enabled/MySite2
sudo /etc/init.d/apache2 restart
  • If the servers are on different computers on the LAN, then Apache reverse proxy virtual host files should be used.

FTP tips

FTP (File Transfer Protocol) is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as a LAN or the Internet. FTP servers are very lightweight and efficient (and require little system overhead to run).

FTP has been used for several decades and is ubiquitous, with clients for every OS and platform. FileZilla, for example, is one of the easiest and most powerful. 

sudo apt-get install filezilla

Almost all current FTP servers allow settings to enable FTPS (TLS/SSL encrypted transfers). This is distinct from the practice of FTP through an SSH connection (known as SFTP) which can only be done by users that already have complete user shells (with SSH capabilities enabled) on the host computer (not a common scenario with shared web host servers, for security reasons). The FileZilla client is compatible with all of the available security implementations.

Vsftpd (FTP server) 

sudo apt-get install vsftpd
  • Edit the configuration file /etc/vsftpd.conf (use gedit instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/vsftpd.conf
  • After changing the desired configuration settings, restart vsftpd: 
sudo /etc/init.d/vsftpd restart

Using two separate user accounts for vsftpd

This is an example setup in which two authenticated user accounts (each with its own password) are used for FTP files. One user account (ftprestricted) will be used for restricted files, and one user account (ftpguest) will be used for less restricted files. The rationale for such a setup is so that the two password-protected accounts will be created with folders in the /home folder, with relative privilege separation from each other and from the rest of the system. (In one commonly used setup, the /home folder is kept is own isolated partition, thereby easing and securing file maintenance during system upgrades (and other transitions). This example method maintains a FTP structure that is in keeping with such a setup).

  • While logged in as a system administrator, create two news user accounts named ftprestricted and ftpuser.
Menu -> System -> System Settings -> Advanced: User Management -> User Accounts
-> New... -> Details -> Status: Enabled -> Login Name: ftprestricted -> Privileges and Groups
-> Privileges: (untick all) -> Groups: (untick all) -> Password/Security -> Password: Valid Until: Always (ticked) -> OK
-> New... -> Details -> Status: Enabled -> Login Name: ftpguest -> Privileges and Groups
-> Privileges: (untick all) -> Groups: (untick all) -> Password/Security -> Password: Valid Until: Always (ticked) -> OK
  • Log out, then log in once as ftprestricted. When prompted, enter a password (such as ftpsecretpw) that will be used for all ftprestricted functions (including FTP access). This will set up a complete shell / folder structure for ftprestricted. Log out, then log in once as ftpguest. When prompted, enter a password (such as ftpopenpw) that will be used for all ftpguest functions (including FTP access). This will set up a complete shell/folder structure for ftpguest. finally, logout and then log in once again as a system administrator.
  • Disable the ability of the two new user accounts (ftprestricted and ftpguest) to log into the system:
Menu -> System -> System Settings -> Advanced: Login Manager -> Users -> Excluded users: ftprestricted (ticked) -> ftpguest (tocked) -> OK
  • Using a File Manager with root-level privileges (sudo dolphin or sudo nautilus), delete any undesirable folders (such as /Desktop, /Templates, /Maildir, etc.) from the /home/ftprestricted and /home/ftpguest folders. (This will create a cleaner FTP folder structure.)
  • Edit the vsftpd configuration file to allow authenticated access (but not anonymous access). Allow read/write privileges (but not for anonymous users). (Use gedit instead of kate if using Ubuntu instead of Kubuntu.) : 
sudo kate /etc/vsftpd.conf
and make sure the following settings are included: 
#
#anonymous_enable=YES
anonymous_enable=NO
#
#local_enable=NO 
local_enable=YES
#
write_enable=YES
#
#anon_upload_enable=YES
anon_upload_enable=NO
#

Also set any other desired parameters. (With this setup, it is not necessary to chroot "jail" a user nor to use a separate "ftpsecure" account.)

  • Save then restart vsftpd: 
sudo /etc/init.d/vsftpd restart
  • Now there will be two FTP accounts that can be used with the FTP server, each with its own password and its own isolated set of folders (in the /home/ftprestricted and /home/ftpguest directories). Naturally, any number of user accounts used strictly for FTP could be created in a similar manner. An FTP client could then connect to the server using Logontype: Normal and either the User: ftprestricted with Password: ftpsecretpw or the User: ftpguest with Password: ftpopenpw.

Securing vsftpd

  • I only allow user accounts set up strictly for FTP to be accessed through FTP. (Unfortunately, user account password sniffing and cracking is all too easy and common these days. Should I allow regular user accounts the be accessed by FTP, this is a huge security hole (IMO).) I therefore add all regular user accounts to the "no FTP" list found at /etc/ftpusers (which, paradoxically, is a list of system user accounts forbidden from using FTP). 
sudo kate /etc/ftpusers

To this list I add all user accounts, except those designated solely for FTP (e.g. ftprestricted and ftpguest created in the example of the preceding section).

Encrypting transfers with FTPS

FTP can be encrypted using FTPS, which is FTP over Secure Socket Layer (TLS/SSL). The discussion below is for explicit FTPS (FTPES).

  • To configure FTPS, edit /etc/vsftpd.conf (use gedit instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/vsftpd.conf
and at the bottom add: 
ssl_enable=Yes

It is also possible to add the "pseudo-" certificate and key that are often pre-installed (or can be installed using the ssl-cert package -- sudo apt-get install ssl-cert) on a (K)Ubuntu system by adding the lines: 

#rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

In a production environment, however, these should be replaced with a certificate and key generated for the specific host. For more information on certificates see the official Ubuntu documentation.

  • Restart vsftpd, and non-anonymous users will be forced to use explicit FTPS: 
sudo /etc/init.d/vsftpd restart
  • When connecting (using the FileZilla client, for example), now use Servertype: FTP over explicit TLS/SSL. A prompt will appear to accept the (snakeoil) certificate.

Troubleshooting vsftpd

  • When using regular FTP behind a firewall, vsftpd uses port 21 as the control port and port 20 as the data port (in both active and passive mode). Make sure ports 20-21 are open in the outgoing firewall of the FTP client, the incoming firewall of the vsftpd server, and that the router forwards ports 20-21 to the LAN IP address used by the computer with the vsftpd server.
  • When using explicit FTPES behind a firewall, port 21 is still used as the control port, but a port range (other than port 20) to be used for data (in both passive and active modes) must be designated in the /etc/vsftpd.conf file, and opened/forwarded accordingly. For example, edit /etc/vsftpd.conf (use gedit instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/vsftpd.conf
and specify a port range (for example 36020-36030) to use: 
pasv_min_port=36020
pasv_max_port=36030

Restart vsftpd: 

sudo /etc/init.d/vsftpd restart

Then make sure ports 21 and 36020-36030 are open in the outgoing firewall of the FTP client, the incoming firewall of the vsftpd server, and that the router forwards ports 21 and 36020-36030 to the LAN IP address used by the computer with the vsftpd server.

Also make sure the FTP client specifies the port range for transfers. For example, in the FileZilla client, these are set:

FileZilla -> Edit -> Settings ... -> FTP -> Transfer Mode: Passive (ticked)
-> Allow fall back to other transfer mode on failure (ticked) -- (this is optional)
-> Active Mode -> Limit local ports used by FileZilla (ticked)
-> Lowest available port: 36020 -> Highest available port: 36030
-> Passive mode -> Use the server's external IP address instead (ticked)

If this is not done correctly, this error will be displayed in the FTP client when trying to connect (and there will be a failure to list the FTP directories): 

"Server sent reply with unroutable address. Using server address instead."

Proftpd (FTP server)

Note: These Proftpd instructions were originally written for the Feisty version of Ubuntuguide. 

sudo apt-get install proftpd

Configure proFTPd users to be "jailed" (chrooted) into their home directories

  • Edit the proftpd configuration file (making a backup first). (Use kate instead of gedit if using Kubuntu instead of Ubuntu.): 
sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
sudo gedit /etc/proftpd/proftpd.conf
  • Find this section 
...
DenyFilter           \*.*/
...
and add this line below it: 
DefaultRoot           ~
  • Save the edited file then restart proftpd: 
sudo /etc/init.d/proftpd restart

Configure the proFTPd Server to allow anonymous FTP users to only have "read only" access

  • Edit the proftpd configuration file (making a backup first). (Use kate instead of gedit if using Kubuntu instead of Ubuntu.): 
sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
sudo gedit /etc/proftpd/proftpd.conf
  • Append the following lines at the end of file 
<Anonymous ~ftp>
 User            ftp
 Group            nogroup
 UserAlias          anonymous ftp
 DirFakeUser on ftp
 DirFakeGroup on ftp
 RequireValidShell      off
 MaxClients         10
 DisplayLogin        welcome.msg
 DisplayFirstChdir      .message
 <Directory *>
  <Limit WRITE>
   DenyAll
  </Limit>
 </Directory>
</Anonymous>
  • Save the edited file then restart proftpd: 
sudo /etc/init.d/proftpd restart

Configure the proFTPd Server to allow anonymous FTP users to have "read/write" access

  • Edit the proftpd configuration file (making a backup first). (Use kate instead of gedit if using Kubuntu instead of Ubuntu.): 
sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
sudo gedit /etc/proftpd/proftpd.conf
  • Append the following lines at the end of file 
<Anonymous ~ftp>
 User            ftp
 Group            nogroup
 UserAlias          anonymous ftp
 DirFakeUser on ftp
 DirFakeGroup on ftp
 RequireValidShell      off
 MaxClients         10
 DisplayLogin        welcome.msg
 DisplayFirstChdir      .message
</Anonymous>
  • Save the edited file then restart proftpd: 
sudo /etc/init.d/proftpd restart

Map the anonymous FTP user to a folder other than /home/ftp/

  • Edit the proftpd configuration file (making a backup first). (Use kate instead of gedit if using Kubuntu instead of Ubuntu.): 
sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
sudo gedit /etc/proftpd/proftpd.conf
  • Append the following lines at the end of file 
<Anonymous /location_of_folder/>
 User            ftp
 Group            nogroup
 UserAlias          anonymous ftp
 DirFakeUser on ftp
 DirFakeGroup on ftp
 RequireValidShell      off
 MaxClients         10
 DisplayLogin        welcome.msg
 DisplayFirstChdir      .message
 <Directory *>
  <Limit WRITE>
   DenyAll
  </Limit>
 </Directory>
</Anonymous>
  • Save the edited file then restart proftpd: 
sudo /etc/init.d/proftpd restart

Change the default port number for the proFTPd Server

  • For this example the new port number will be 77. Edit the proftpd configuration file (making a backup first). (Use kate instead of gedit if using Kubuntu instead of Ubuntu.): 
sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
sudo gedit /etc/proftpd/proftpd.conf
  • Find this line: 
Port              21
  • Replace with the following line: 
Port              77
  • Restart the FTP server: 
sudo /etc/init.d/proftpd restart

FTP to a remote (K)Ubuntu host from a Windows client

  • Warning: An unsecured FTP server is a security risk. FTP servers should be used either within a firewall-protected LAN only or over the Internet in conjunction with TLS/SSL (FTPS), SSH (SFTP), or using a VPN connection.
  • The remote (K)Ubuntu host machine must have an FTP Server service running.
  • Download and install FileZilla for Windows here.
  • FTP addresses take the form: 
ftp://[username]:[password]@[hostname].[domain].[tld]:[portnumber]/[directory]/

Note: The username and password are optional. If they are not given (and the server is not configured for anonymous access) they will be requested.

FTP to a remote Windows host from a (K)Ubuntu client

  • Warning: An unsecured FTP server is a security risk. FTP servers should be used either within a firewall-protected LAN only or over the Internet in conjunction with TLS/SSL (FTPS), SSH (SFTP), or using a VPN connection.
  • Install an FTP client on your local client machine. Again, you can use FileZilla or CrossFTP.
  • FileZilla is available as a package: 
sudo apt-get install filezilla
  • The FTP address normally has the form: 
ftp://[username]:[password]@[hostname]:[port]

Configure the NAT/router/gateway/firewall for an FTP server

  • The host machine must be running an FTP Server.
  • Configure your FTP server with a limited passive port range so that the same limited TCP port range can be opened in the "incoming" firewall settings.
  • For proftpd, edit the /etc/proftpd/proftpd.conf configuration file (use kate instead of gedit if using Kubuntu instead of Ubuntu): 
sudo gedit /etc/proftpd/proftpd.conf
and edit this line to indicate the desired port range to be used for FTP transfers: 
PassivePorts xx-yy

Port x
where x is the port over which you wish FTP traffic to be transmitted.
  • The NAT/router/gateway/firewall devices or software must be configured to allow the configured incoming TCP ports (port x in the example) to be forwarded to your host on the LAN.

FTP troubleshooting

  • If a connection is not allowed or is "refused," make sure the "outgoing" firewall settings on the client allow the correct FTP ports to be open. The default FTP ports are normally 20-21, unless non-standard ports have been designated and are being used. In that case, the same "incoming" ports that are in use by the FTP server must be allowed as "outgoing" ports by the firewall of the computer with the FTP client as well.
  • If files do not transfer correctly (or appear to transfer from the client to the server but then are not saved on the server), make sure the "Transfer mode" is correctly set. For many servers the "Transfer mode" must be "Active," not "Passive." (Note that this is a different issue from a "Passive" vs. "Active" connection.) This particular problem kept me from connecting to one particular FTP server for over a year (and no one knew the solution)! In the FileZilla FTP client, the Transfer Mode settings are found:
FileZilla -> File: Site Manager... -> My Sites: (highlight FTP server host site) -> Transfer Settings -> Transfer Mode -> Active (ticked)

Google Android FTP clients

Until Ubuntu is widely available on tablets, Google Android is the primary Linux distribution used for a majority of tablets (and other mobile devices). Fortunately, there are several FTP clients available for the Android OS that can connect to a (K)Ubuntu-based FTP server. Note that as with all Android apps (especially those with ads and access to all critical device functions), no guarantee of security can be expected and it is not recommended to use them for private or sensitive uses. Always use complete security and anonymity when enabling access from any Android device (or mobile device using any other OS, for that matter).

  • AndFTP -- available for direct download here and also from the Google Android marketplace. It is free (no ads) and works quite well, with support for FTPS (both explicit and implicit), SFTP, and SCP (SSH Secure copy).
  • SwiFTP -- open source and available for direct download here (free, with no ads); a server version is also available from the F-Droid repository
  • FTPCafe -- available from the Amazon Android App marketplace. The free version is ad-based.
  • FTPDroid -- available from the Google Android marketplace. The free version is ad-based.

SFTP

SFTP is a protocol for transferring files using SSH certificate privileges, but is not strictly FTP through an SSH connection.

  • From the command line, a user would connect an OpenSSH server on a computer where 1) the user already has a shell account and 2) the user already has SSH privileges established (either with an SSH key pair or with a password (using a password is less secure)). From the command line, a connection would be established: 
sftp user:password@ssh.host.org
or 
sftp username@sftp.server.com

(in the latter case you will be prompted for a password).

  • If you have created a public/private key pair using ssh-keygen, the private key must be stored in /home/user/.ssh on the client computer. The key should be accessible only to user 
sudo chmod 600 /home/user/.ssh/identity
or 
sudo chmod 600 /home/user/.ssh/id_rsa

To login once a key pair has been established: 

sftp joe.friday@remote.computer.xyz

Note: You can run the command as a menu item, but the command must be "run in terminal."

SFTP clients

  • FileZilla can create SFTP connections in a manner similar to other types of FTP.
  • Most Google Android clients (including AndFTP) can also create SFTP connections in a manner similar to other types of FTP.
  • Nautilus File Manager (used in Ubuntu/Gnome) can access folders using SFTP by
Nautilus -> Go -> Location
-> sftp://username:password@sftp.server.com
or
-> sftp://username@sftp.server.com (in which case you will be prompted for a password)

Replace username with your username and replace everything after the @ symbol with the server's address. You will be prompted for a password if needed. If there is no username (anonymous) omit the username and the @ symbol.

  • In the Dolphin file manager (used in Kubuntu/KDE), add an entry
Dolphin -> (right-click) in the Places column -> Add entry ... -> Location:
-> sftp://username:password@sftp.server.com
or
-> sftp://username@sftp.server.com (in which case you will be prompted for a password)

SFTP server

The SFTP server is the OpenSSH server. SFTP capabilities are built into the OpenSSH server. See this section for instructions on installing and customising an OpenSSH server. If you can successfully establish an SSH connection, you will be able to successfully establish an SFTP connection. No additional configuration is required.

Using SSH to Port Forward

  • The (K)Ubuntu host must be running an SSH Server.
  • The format of the client command to create an SSH tunnel to an OpenSSH host listening on the default port 22 is: 
ssh -L <local port>:<remote computer>:<remote port> <user>@<remote ip>

An example is: 

ssh -L 6669:94.92.10.15:6667 foowho

In this example, local port 6669 on the local client computer is tunneled by encrypted SSH over the default port 22 to the router at 94.92.10.15. The router must be set up to forward port 22 to whatever the internal LAN IP (such as 192.168.0.56) of the SSH host is. The host is running OpenSSH (ssdh service) and is set to listen to port 22. It then routes the incoming data to the host port 6667, where presumably some other program is waiting for data. foowho has an account on the host running the OpenSSH server.

SSH tunnels can also be established using URLs and even alternate ports. An example is: 

ssh -L 5900:foobar.dyndns.org:5900 foowho -p 11022

In this example, local port 5900 on the client is forwarded through an SSH tunnel on port 11022 to foobar.dyndns.org. The DNS service translates foobar.dyndns.org into the appropriate WAN (Internet) IP address, where the router is listening. The router is set up to forward port 11022 to the LAN machine hosting the OpenSSH server, which is listening on port 11022. It then sends the data to whatever program is running on port 5900 on the host.

  • You can forward a local port to a different port on the remote host.
Example: Make port 80 (web server/browser) on the remote host at 10.0.2.10 available locally as port 81 
ssh -L 81:10.0.2.10:80 user@office.net
  • You can create secure SSH tunnels to multiple hosts using multiple ports. 
ssh -L 81:10.0.2.10:80 -L 82:10.0.2.20:80 -L 83:10.0.2.30:80 user@office.net

Now, local port 81 locally forwards to port 80 on the host at 10.0.2.10, local port 82 forwards to port 80 on the host at 10.0.2.20 and local port 83 forwards to port 80 on the host at 10.0.2.30. In this example, user has an account on all three host machines at 10.0.2.10, 10.0.2.20, and 10.0.2.30.

  • Once port forwarding is set up by ssh, an application is directed to the SSH tunnel for port usage by using the loopback as the destination.
Example 1: 
ssh -L 81:10.0.2.10:80 user@office.net

http://localhost:81 or http://127.0.0.1/:81

will direct a web browser to use port 81 locally, which is being redirected by SSH to port 80 on the remote host at 10.0.2.10.

Example 2: 
ssh -L 5900:foobar.dyndns.org:5900 foowho
vncviewer 127.0.0.1 or vncviewer localhost

will direct vncviewer (which uses port 5900 by default) to direct its traffic through the ssh tunnel to the host at foobar.dyndns.org, where, presumably, a VNC server is listening on port 5900.

Limit OpenSSH users

How to limit the user accounts that can connect through ssh remotely

  • Note: When you initially enable the SSH server, any user with a valid account can connect remotely. This can lead to security risks because password cracking tools exist that try common username/password pairs. This method helps restrict login access.
  • Keep a backup of the ssh server configuration file: 
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIGINAL
  • Edit the configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/ssh/sshd_config
  • Change the parameter: 
PermitRootLogin no

This disallows the root user from connecting through SSH remotely.

  • Add the parameter: 
AllowUsers <user1> <user2> ...

and specify the usernames (space separated) that can connect remotely.

NOTE: This will allow ONLY the users specified to connect. You may use wildcards here (example: j* will allow jsmith to connect but not fsmith).

  • You can also use: 
DenyUsers <user1> <User2> ...

and specify, again using wildcards, users restricted from using SSH.

  • If you enable the OpenSSH server and you do not wish to enable any remote connections, you may add: 
AllowUsers nosuchuserhere

OpenVPN server Karmic

OpenVPN

One computer on a LAN can be designated as a VPN server to allow encrypted traffic to pass between remote clients and the computers on the LAN (through the VPN server portal). OpenVPN uses Public Key Infrastructure (PKI) certificates when establishing an encrypted VPN tunnel between two nodes (the server and the client).

This hardware requirements of a dedicated VPN server depend on the number of simultaneous communication tunnels that are anticipated. A very modest computer can fulfill the needs of a VPN server if less than 10 VPN connections are anticipated. A VPN server with dozens of tunnels may benefit from greater RAM and CPU speed. Of course, the speed of the ethernet connection is the limiting factor, so robust networking cards are very important (Gigabit speeds are desirable, at least).

Using a bridge interface

An OpenVPN server often uses a bridge interface. One network connection (an ethernet card, for example) connects to the WAN (Internet) through which the VPN connection is made, and a second network connection (a second ethernet card, for example) connects to the LAN. The traffic between these two connections is "bridged." See Network Interface Bridging for more details.

OpenVPN Server Installation

  • Install OpenVPN: 
sudo apt-get install openvpn

Server certificates

  • Create the OpenVPN server certificates.
  • Copy the easy-rsa directory to /etc/openvpn. This will ensure that any changes to the scripts will not be lost when the package is updated. 
sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/
  • Edit /etc/openvpn/easy-rsa/vars and adjust the variables for your environment: 
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="MyCity"
export KEY_ORG="MyCompany"
export KEY_EMAIL="webmaster@mycompany.com"
  • Run the scripts to create the server certificates: 
cd /etc/openvpn/easy-rsa/easy-rsa
source vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/

Client Certificates

  • A VPN clients requires a certificate in order to authenticate itself to the VPN server.
  • Create the certificate: 
cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname
Note: Replace hostname with the actual hostname of the client machine that will be connecting to the VPN.
  • Copy the certificate files that have been created to the client:
  • /etc/openvpn/easy-rsa/hostname.ovpn
  • /etc/openvpn/easy-rsa/ca.crt
  • /etc/openvpn/easy-rsa/hostname.crt
  • /etc/openvpn/easy-rsa/hostname.key
  • /etc/openvpn/easy-rsa/ta.key
Note: Use the files that correspond to your client machine's hostname.

Server Configuration

  • On the OpenVPN server, modify /etc/openvpn/server.conf from the example file: 
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
  • Edit etc/openvpn/server.conf: 
sudo nano /etc/openvpn/server.conf
  • Changing the following options to resemble: 
local 172.18.100.101
dev tap0
server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200
push "route 172.18.100.1 255.255.255.0"
push "dhcp-option DNS 172.18.100.20"
push "dhcp-option DOMAIN example.com"
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
Notes:
local: is the IP address of the bridge interface.
server-bridge: needed when the configuration uses bridging. The 172.18.100.101 255.255.255.0 portion is the bridge interface and mask. The IP range 172.18.100.105 172.18.100.200 is the range of IP addresses that will be assigned to clients.
push: directives to add networking options for clients.
user and group: configure which user and group the openvpn daemon executes as.
Replace all IP addresses and domain names above with those of your network.
  • Create helper scripts to add the tap interface to the bridge.
  • Create /etc/openvpn/up.sh: 
sudo nano /etc/openvpn/up.sh
Add the lines: 
#!/bin/sh
#
BR=$1
DEV=$2
MTU=$3
/sbin/ifconfig $DEV mtu $MTU promisc up
/usr/sbin/brctl addif $BR $DEV
  • Create /etc/openvpn/down.sh: 
sudo nano /etc/openvpn/down.sh
Add the lines: 
#!/bin/sh
#
BR=$1
DEV=$2
#
/usr/sbin/brctl delif $BR $DEV
/sbin/ifconfig $DEV down
  • Make the scripts executable: 
sudo chmod 755 /etc/openvpn/down.sh
sudo chmod 755 /etc/openvpn/up.sh
  • Restart OpenVpn: 
sudo /etc/init.d/openvpn restart

Client Configuration

  • Copy the example client configuration file:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn

  • Edit the client configuration file: 
sudo nano /etc/openvpn/client.conf
  • Change it to resemble: 
dev tap
remote vpn.mycompany.com 1194
cert hostname.crt
key hostname.key
tls-auth ta.key 1
Note: Replace vpn.mycompany.com with the hostname of your VPN server, and hostname.* with the actual certificate and key filenames that correspond to the client.
  • Restart OpenVpn: 
sudo /etc/init.d/openvpn restart
  • Connect the VPN client to the remote LAN through the OpenVPN server.

Other resources

WebDAV

WebDAV is a method for allowing remote access to local folders via an HTTP-based web browser. In other words, an HTTP-based file server is created (using the Apache2 server platform in these examples, since the Apache2 webserver has a built-in WebDAV module).

This can be combined with user authentication (using LDAP or a number of other password mechanisms).

WebDAV Server Installation

Install Apache webserver

  • Apache2 must be installed, either alone or as part of a LAMP server. 
sudo apt-get install apache2

or 

sudo apt-get install tasksel
sudo tasksel install lamp-server

Open your firewall

Remember, WebDAV is an HTTP server. The incoming default HTTP and/or HTTPS ports (80 and/or 443) should be open to the server. It is, of course, also possible to use custom ports by changing the allowed incoming ports in the firewall, the virtual host configuration file, and, of course, the URL used to reach the WebDAV server.

Enable the Apache2 WebDAV modules

  • Enable the dav and dav_fs modules: 
sudo a2enmod dav_fs
  • Restart Apache2: 
sudo /etc/init.d/apache2 restart

Create a folder for WebDAV use

There are two options:

  • Create a WebDAV directory in the /var/www folder: 
sudo mkdir /var/www/WebDAV1

or

Create a WebDAV directory in the /home/user/ (also known as ~/) folder and create a symbolic link: 

mkdir ~/WebDAV1
sudo ln -s ~/WebDAV1 /var/www/
  • Create a subdirectory for files: 
mkdir /var/www/WebDAV1/files
  • Note: In the next several steps, file/folder ownership and permissions can also be adjusted from a File Manager (such as Dolphin in Kubuntu or Nautilus in Ubuntu) as root: 
sudo dolphin
or 
sudo nautilus
  • Make sure the owner of whichever WebDAV folder was created (and its subfolders, using the -R recursive switch) is www-data (the user ID for Apache2) and the group is that of your user ID (or, alternatively, root): 
sudo chown -R www-data:user /var/www/WebDAV1
or 
sudo chown -R www-data:user ~/WebDAV1

Alternatively you could create a webdav user group so that some group of local users could access the files locally (instead of through WebDAV). Add the individual users to that group and use webdav as the group instead of a single user (or root), for example: 

sudo chown -R www-data:webdav /var/www/WebDAV1
  • To allow files in the WebDAV folder (and its subfolders, using the -R recursive switch) to be Read/Write but not eXecutable (which may be a security risk on some servers): 
sudo chmod 664 -R /var/www/WebDAV1
or 
sudo chmod 664 -R ~/WebDAV1

Create or edit the virtual host file

  • Edit the virtual host (vhost) file used for the URL through which WebDAV will be accessed (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/apache2/sites-available/mydomainhost

where mydomainhost is the name of the virtual host configuration file used for your URL. If you are using the default virtual host file, edit that one.

Add the line 

Alias /webdav1 /var/www/WebDAV1/files

so that accessing the WebDAV folder using the URL 

http://myhost.mydomain.org/webdav1

will forward to the correct folder (/var/www/WebDAV1) on the computer.

  • The final virtual host file ought to resemble: 
<VirtualHost *>
#
# UseCanonicalName off
# ServerName webdav1.mydomain.org
 ServerName myhost.mydomain.org
 ServerAlias 192.168.0.155 webdav1.mydomain.org
#
 ServerAdmin root@localhost
 DocumentRoot /var/www/
#
 Alias /webdav1 /var/www/WebDAV1/files
#
 <Directory /var/www/WebDAV1/>
  Options Indexes MultiViews
  AllowOverride None
  Order allow,deny
  allow from all
 </Directory>
</VirtualHost>

In this example, the WebDAV server is on the primary server, so the URL is the same as that of the primary server (and would be accessed from http://myhost.mydomain.org/webdav1). The primary server's IP address on the LAN (in this example) is 192.168.0.155, so to access it from the LAN, this address could also be used: http://192.168.0.155/webdav1.

  • Enable the virtual host (vhost): 
sudo ln -s /etc/apache2/sites-available/mydomainhost /etc/apache2/sites-enabled/
  • Restart Apache2: 
sudo /etc/init.d/apache2 restart
  • Test that the folders are reachable through Apache2 using:
http://localhost/webdav1
or
http://192.168.0.155/webdav1

Create password access for the WebDAV folders

  • Note: This method uses HTTP Basic Authentication as outlined in the Apache documentation. However, this same documentation recommends against routine use of HTTP Basic Authentication (which transmits unencrypted passwords, inviting password sniffing) and instead recommends HTTP Digest Authentication (or at least HTTP Basic Authentication over SSL). Refer to the Apache documentation for more details.
  • Create the WebDAV password file /var/www/WebDAV1/passwd.dav with the user testuser. For more info see here. (The -c switch creates the file if it does not exist.): 
sudo htpasswd -c /var/www/WebDAV1/passwd.dav testuser
Type in a password for the user testuser.

We will later use this userID when connecting to the WebDAV URL:

http://myhost.mydomain.org/webdav1
  • Add other users (e.g. testuser2, testuser3, etc.) as needed. (Omit the -c switch because the password file already exists.) 
sudo htpasswd /var/www/WebDAV1/passwd.dav testuser2
Note: See below for adding a password for users accessing WebDAV folders from Windows clients.
  • Change the permissions of the /var/www/WebDAV1/passwd.dav file so that only www-data (as owner) and user (or, alternatively, root) as the group can access it: 
sudo chown www-data:user /var/www/WebDAV1/passwd.dav
sudo chmod 660 /var/www/WebDAV1/passwd.dav
Note: I personally use chmod 460, which does not allow the www-data owner to write to the file (only read permissions are allowed). Only members of the local group user can read/write to the file using this chmod 460 setting.
  • Edit the virtual host (vhost) file /etc/apache2/sites-available/mydomainhost (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/apache2/sites-available/mydomainhost
and add the following lines to it: 
#
 <Location /webdav1>
  DAV On
  AuthType Basic
  AuthName "webdav1"
  AuthUserFile /var/www/WebDAV1/passwd.dav
  Require valid-user
 </Location>

The final virtual host (vhost) file should resemble: 

<VirtualHost *>
#
# UseCanonicalName off
# ServerName webdav1.mydomain.org
 ServerName myhost.mydomain.org
 ServerAlias 192.168.0.155 webdav1.mydomain.org
#
 ServerAdmin root@localhost
 DocumentRoot /var/www/
#
 Alias /webdav1 /var/www/WebDAV1/files
#
 <Directory /var/www/WebDAV1/>
  Options Indexes MultiViews
  AllowOverride None
  Order allow,deny
  allow from all
 </Directory>
#
 <Location /webdav1>
  DAV On
  AuthType Basic
  AuthName "webdav1"
  AuthUserFile /var/www/WebDAV1/passwd.dav
  Require valid-user
 </Location>
</VirtualHost>
  • Reload Apache: 
/etc/init.d/apache2 reload

Testing WebDAV

  • Install cadaver, a command-line WebDAV client: 
sudo apt-get install cadaver
  • Test if WebDAV works: 
cadaver http://localhost/webdav1/

You should be prompted for a user name. Type in testuser and then the password for testuser. If all goes well, you should be granted access which means WebDAV is working ok. To leave the WebDAV shell, type quit: 

server1:~# cadaver http://localhost/webdav1/
Authentication required for test on server `localhost':
Username: testuser
Password: *******
dav:/webdav1/> quit
Connection to `localhost' closed.
server1:~#

Set up Digest Authorization (encrypted passwords) 

sudo a2enmod auth_digest
  • Create a digest authorization password file: 
sudo htdigest -c /var/www/WebDAV1/digestpasswd.dav webdav1digest testuser
  • Add other users (e.g. testuser2, testuser3, etc.) as needed. (Omit the -c switch because the password file already exists.) 
sudo htdigest /var/www/WebDAV1/digestpasswd.dav webdav1digest testuser2
Note: See below for adding a password for users accessing WebDAV folders from Windows clients.
  • Change the permissions of the /var/www/WebDAV1/digestpasswd.dav file so that only www-data (as owner) and user (or, alternatively, root) as the group can access it: 
sudo chown www-data:user /var/www/WebDAV1/digestpasswd.dav
sudo chmod 660 /var/www/WebDAV1/digestpasswd.dav
Note: I personally use chmod 460, which does not allow the www-data owner to write to the file (only read permissions are allowed). Only members of the local group user can read/write to the file using this chmod 460 setting.
  • Edit the virtual host (vhost) file /etc/apache2/sites-available/mydomainhost (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/apache2/sites-available/mydomainhost
and this time add the following lines to it: 
#
 <Location /webdav1>
  DAV On
  AuthType Digest
  AuthName "webdav1digest"
  AuthUserFile /var/www/WebDAV1/digestpasswd.dav
  Require valid-user
 </Location>

so that the final file resembles: 

<VirtualHost *>
#
# UseCanonicalName off
# ServerName webdav1.mydomain.org
 ServerName myhost.mydomain.org
 ServerAlias 192.168.0.155 webdav1.mydomain.org
#
 ServerAdmin root@localhost
 DocumentRoot /var/www/
#
 Alias /webdav1 /var/www/WebDAV1/files
#
<Directory /var/www/WebDAV1/>
   Options Indexes MultiViews
   AllowOverride None
   Order allow,deny
   allow from all
 </Directory>
#
# <Location /webdav1>
#  DAV On
#  AuthType Basic
#  AuthName "webdav1"
#  AuthUserFile /var/www/WebDAV1/passwd.dav
#  Require valid-user
# </Location>
#
 <Location /webdav1>
  DAV On
  AuthType Digest
  AuthName "webdav1digest"
  AuthUserFile /var/www/WebDAV1/digestpasswd.dav
  Require valid-user
 </Location>
</VirtualHost>

Enable WebDAV lock

Although optional, the lock database prevents multiple users from overwriting the same file simultaneously.

  • Create a global Apache2 configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/apache2/conf.d/webdav
and add the single line: 
DavLockDB /var/lock/apache2/DAVLock
It may be necessary to also add this line to the dav_fs configuration file: 
sudo kate /etc/apache2/mods-available/dav_fs.conf

This directive indicates that the locking database files will be named DAVLock by the dav_lock module. These database files will be stored by Apache in the /var/lock/apache2 folder.

  • By default, Apache2 allows a WebDAV client to set the file lock time. Many WebDAV clients, for example, impose a file lock time of 2 minutes. A longer lock time can optionally be imposed by the WebDAV server by adding an additional line: 
DAVMinTimeout 5
where in this example the minimum file lock time is set to 5 minutes for all clients. (The default is DAVMinTimeout 0, which indicates that no minimum file lock time is imposed by the server and it is left up to the individual WebDAV clients).
  • Enable the Apache2 dav_lock module: 
sudo a2enmod dav_lock
  • Restart Apache2: 
sudo /etc/init.d/apache2 restart

Multiple WebDAV servers on a LAN using a single IP address and router

Note: This section is undergoing editing.

  • To run multiple servers (including WebDAV servers) on multiple computers on a LAN using only a single IP address and router, see this solution using reverse proxies in Apache.
  • Each server should have a unique WebDAV folder name. Instead of using WebDAV1 and webdav1, different names, such as WebDAV2 and webdav2, WebDAV3 and webdav3, WebDAV4 and webdav4, etc., should be used on each of the individual computers.
  • Each computer's WebDAV folder would then be reached by its own unique label, e.g.
http://myhost.mydomain.org/webdav1
or
http://myhost.mydomain.org/webdav2
or
http://myhost.mydomain.org/webdav3

Alternatively, if each computer has its own unique URL, the unique URL can be used. Adjust the reverse proxy virtual host file (on the primary server that acts as the proxy/reverse proxy to the other servers) accordingly in order to enable this.

This does not always work and a lot of troubleshooting and trial and error is needed to perfect rewrite rules. Sometimes a more relaible method is to just use the RedirectMatch rule with the actual LAN IP address of the second server.

Here is a detailed example, although there are many ways to accomplish this.

  • On the primary server of the LAN (the one to which the router initially directs port 80 traffic), make sure the proxy/reverse proxy modules of Apache2 are enabled and then restart Apache: 
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo /etc/init.d/apache2 restart
Also makes sure the rewrite module is on: 
sudo a2enmod rewrite
  • This example assumes the primary server has its own set of WebDAV folders (as in the steps outlined above), labeled webdav1/WebDAV1.
  • Duplicate the steps for the second server, substituting webdav2 and WebDAV2 in each step.
  • On the primary server, edit the virtual host file for the primary URL (e.g. /etc/apache2/sites-available/mydomainhost) by which the LAN is reached (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/apache2/sites-available/mydomainhost
  • Near the beginning of the file add the lines: 
#
 UseCanonicalName off
# 
 RewriteEngine On
 RedirectMatch (.*)/webdav2 http://192.168.0.156/webdav2

This example assumes, of course, that the second server is located on the LAN at IP address 192.168.0.156. This ensures that the newly transformed URL gets sent to the correct IP address on the LAN. This is the proxy function of the first server. (It also specifies the reverse process.)

The file should now resemble: 

<VirtualHost *>
#
 UseCanonicalName off
# 
 RewriteEngine On
 RedirectMatch (.*)/webdav2 http://192.168.0.156/webdav2
# 
# ServerName webdav1.mydomain.org
 ServerName myhost.mydomain.org
 ServerAlias 192.168.0.155 webdav1.mydomain.org
#
 ServerAdmin root@localhost
 DocumentRoot /var/www/
#
 Alias /webdav1 /var/www/WebDAV1/files
#
<Directory /var/www/WebDAV1/>
   Options Indexes MultiViews
   AllowOverride None
   Order allow,deny
   allow from all
 </Directory>
#
# <Location /webdav1>
#  DAV On
#  AuthType Basic
#  AuthName "webdav1"
#  AuthUserFile /var/www/WebDAV1/passwd.dav
#  Require valid-user
# </Location>
#
 <Location /webdav1>
  DAV On
  AuthType Digest
  AuthName "webdav1digest"
  AuthUserFile /var/www/WebDAV1/digestpasswd.dav
  Require valid-user
 </Location>
</VirtualHost>

While this method is not required, it allows the second WebDAV server to be accessed from another computer on the LAN either by http://myhost.mydomain.org/webdav2 or by http://webdav2.mydomain.org. Using this method, by editing only the virtual host file on the primary server (that acts as proxy), access to the secondary WebDAV server can be selectively restricted to the LAN only or can be enabled for complete access from the Internet at large.

WebDAV with LDAP

Note: This section is undergoing editing.

If an LDAP server exists already, you can use the Apache2 mod_authnz_ldap module.

Do you intend to place each person's website in a separate directory below the common DAV root? If so, you'll probably want to limit access to each directory to its specific user for security. An .htpasswd file in each directory is the easiest solution, but it's safer to put all the access rules in the global WebDAV configuration file located in the /etc/apache2/sites-enabled folder.

WebDAV Clients

Dolphin

The Dolphin File Manager used in the KDE desktop of Kubuntu has built-in WebDAV support. A folder on a WebDAV server can be accessed directly by entering its location in the location bar. Examples: 

webdav://localhost/webdav1
or 
webdav://myhost.mydomain.org/webdav1

Note that a location can be made a permanent folder in Dolphin by right-clicking on the leftmost Places panel --> Add entry... -> Location: webdav://localhost/webdav1

Nautilus

The Nautilus File Manager used in the Gnome desktop of Ubuntu has built-in WebDAV support. A folder on a WebDAV server can be accessed directly.

Nautilus -> File -> Connect to Server -> Service Type: WebDAV (HTTP) -> Server: localhost/webdav1
or
Nautilus -> File -> Connect to Server -> Service Type: WebDAV (HTTP) -> Server: myhost.mydomain.org/webdav1

Firefox

The Firefox web browser natively recognizes WebDAV folders. Merely enter the URL of the WebDAV folder in the location bar: 

http://myhost.mydomain.org/webdav1

Konqueror/Rekonq

The Konqueror (now Rekonq) web browser of the KDE desktop in Kubuntu natively recognizes WebDAV folders. Merely enter the URL of the WebDAV folder in the location bar: 

http://myhost.mydomain.org/webdav1

Cadaver

Cadaver is a command-line interface for WebDAV. It can be useful for automated and script-based command-line functions, such a remote copying. Install: 

sudo apt-get install cadaver

Windows

Windows Explorer in Windows has built-in WebDAV support. Map the WebDAV folder to a lettered drive:

Windows Explorer -> Tools -> Map network drive... -> Folder: http://myhost.mydomain.org/webdav1

Creating passwords for Windows clients

Some Windows clients (including Windows Explorer in XP) append the URL of the WebDAV folder to the user name. For example, when a WebDAV request is made by testuser3 to the WebDAV server at http://myhost.mydomain.org/webdav1, Windows will send a request for access as myhost.mydomain.org\testuser3. To accommodate this behavior, additional user accounts in the Windows format must be added to the password file on the WebDAV server. Note the extra \ .

  • If using Basic Authentication, add the user to the password file: 
sudo htpasswd /var/www/WebDAV1/passwd.dav myhost.mydomain.org\\testuser
  • If using Digest Authentication, add the user to the password file: 
sudo htdigest /var/www/WebDAV1/digestpasswd.dav webdav1digest myhost.mydomain.org\\testuser
  • Note: There is a bug in the Windows WebDAV redirector when used with Digest Authentication. (See this tutorial for more details.) A workaround entails mapping the WebDAV folder to a drive letter using the command line. This can only be done in a Windows computer that has just been booted.
  • Mount the WebDAV folder to a Windows drive letter with the Net use command. Enter the following into the Windows Start menu -> Run... command line: 
net use * "http://myhost.mydomain.org/webdav1/" testuserpassword /user:myhost.mydomain.org\testuser
  • A specific drive letter (such as W:) can be used instead of the *. The * option specifies to mount the resource to the next available Windows drive letter.
  • To make the mapping permanent, add the option /persistent:yes
  • A (.bat) batch file can be created that contains this net use command. A Windows shortcut to this batch file can then be placed in the Windows Start menu -> Programs -> Start folder. This will run the net use command (from the batch file) at every bootup (following the start of all basic services). The batch file may need to address the net command by its absolute folder location: 
C:\WINDOWS\system32\net use * "http://myhost.mydomain.org/webdav1/" testuserpassword /user:myhost.mydomain.org\testuser
  • To disconnect a web folder (either from the Start menu -> Run... dialog box or from a batch file, where X: is mounted Windows drive letter: 
net use X: /delete

Android

  • The Android web browser natively recognizes WebDAV folders. Merely enter the URL of the WebDAV folder in the location bar: 
http://myhost.mydomain.org/webdav1

References

Apache2 reverse proxies

This solution solves the problem of having multiple servers on a LAN which has a single router connected to the Internet. The router forwards all port 80 traffic to a single primary server. That server will then be required to act as a proxy for the other servers on the LAN, redirecting incoming traffic addressed to the URLs of those other servers to their respective LAN IP addresses.

This increases the amount of traffic passing through the primary server, so is not a recommended solution for high volume situations unless the primary server is a dedicated gateway/proxy server. (For high volume situations, a load balancer such as Pound should be used.)

This method uses Apache2 virtual host configuration files on the primary server (to which the router sends port 80 traffic).

  • On the primary server (which will act as the proxy), create a symbolic link to enable the proxy modules in Apache2, then restart Apache2: 
sudo ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enabled
sudo ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled
sudo /etc/init.d/apache2 restart
  • Edit a virtual host file for all secondary servers (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/apache2/sites-enabled/proxiedhosts
and edit the file so that it resembles: 
<VirtualHost *:80>
#
ServerName internalserver2.mydomain.org
#
    ProxyPreserveHost On
    ProxyRequests off
    ProxyPass / http://192.168.1.192/
    ProxyPassReverse / http://192.168.1.192/
#
</VirtualHost>
#
#<VirtualHost *:80>
#
#ServerName internalserver3.mydomain.org
#
#     ProxyPreserveHost On
#     ProxyRequests off
#     ProxyPass / http://192.168.1.193/
#     ProxyPassReverse / http://192.168.1.193/
#
#</VirtualHost>
#
#<VirtualHost *:80>
#
#ServerName internalserver4.mydomain.org
#
#     ProxyPreserveHost On
#     ProxyRequests off
#     ProxyPass / http://192.168.1.194/
#     ProxyPassReverse / http://192.168.1.194/
#
#</VirtualHost>
Make sure that each URL for each server has an entry (and obviously remove the hashmarks for each one that is active).
  • Activate the virtual host file by making a symbolic link to the Apache2 sites-enabled folder then restarting Apache2: 
sudo ln -s /etc/apache2/sites-enabled/proxiedhosts /etc/apache2/sites-enabled
sudo /etc/init.d/apache2 restart

Other resources

The information for this page was synthesized from these sources:

MediaWiki tips

MediaWiki is the free, open source server software that Wikipedia uses. It is scalable to very large uses. It runs on the LAMP server stack (which uses the MySQL database and is available as an installation option with the (K)ubuntu server), or it can be used with a postgreSQL database. (Other instructions are also available here.)

Install MediaWiki

  • Install from the repositories: 
sudo apt-get install mediawiki
  • Edit the config file so it recognizes MediaWiki (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/mediawiki/apache.conf

Uncomment (remove the #) the line: 

Alias /mediawiki /var/lib/mediawiki
  • Restart apache2: 
sudo /etc/init.d/apache2 restart
  • Run/install MediaWiki by logging into: 
http://localhost/mediawiki
You will be prompted for configuration variables to be set. You can accept the default database name to be created (wikidb) and the default user for the database (wikiuser). Choose a unique password for this wiki database. (You don't need to remember this password for anything later, and, unfortunately, it isn't saved in an encrypted manner, so don't use a sensitive password that you use anywhere else). The trickiest part is the MySQL superuser name/ superuser password. Hopefully you remember your MySQL superuser that you set at the time of LAMP (or MySQL) installation.
  • Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original): 
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_at_install.php

Edit your configuration variables there (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 

sudo kate /etc/mediawiki/LocalSettings.php
  • If you are using a virtual host server, make a symbolic link (named in this example mywiki) from your /usr/share/mediawiki installation folder to your /var/www folder: 
sudo ln -s /usr/share/mediawiki /var/www/mywiki

then make sure you have an apache2 virtual hosts configuration file (in /etc/apache2/sites-available) that points to /var/www/mywiki as the DocumentRoot. Make a symbolic link from your virtual host configuration file in /etc/apache2/sites-available to /etc/apache2/sites-enabled to enable it. Restart apache2 after enabling the sites. (Warning: MediaWiki is not secure at installation and can be easily hacked by new users. Do not publish your wiki to the Internet before reading all the instructions and changing the configuration file (LocalSettings.php) so that it is more secure.) You would then access the database at: 

http://my.virtualwikihost.org
ReCaptcha

I strongly recommend installing a Captcha mechanism immediately upon installation. See this section.

Editing the LocalSettings.php configuration file

There are lots of configuration settings that can be set in this file. (See the MediaWiki manual.)

But during the time you are learning how to administer MediaWiki, you ought to take some basic security steps. Otherwise you will be hacked within a few minutes of publishing your wiki to the web. I suggest taking a gander at how to prevent access before you start. Shut down everything and then remove restrictions one by one once you are comfortable that you have taken reasonable security precautions. (I have seen a lot of hacked wikis on the web lately).

  • Disallow user creation by anyone other than the sysop. (There are a lot of clever hackers out there who can change the settings faster than you can, if you let them create an account.) Add these lines somewhere to LocalSettings.php: 
#User restrictions
#Account creation by anonymous users
$wgGroupPermissions['*']['createaccount'] = false;
#Account creation by registered users
$wgGroupPermissions['user']['createaccount'] = false;
#Account creation by sysops
$wgGroupPermissions['sysop']['createaccount'] = true;
Note: * stands for anonynmous users, user stands for confirmed users, and sysop obviously stands for sysops.
  • Disallow page editing, page creation, or talk page creation by anonymous users. Add the lines: 
#Anonymous user permissions
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
  • Determine uploads privileges. Initially, I restrict allowed file uploads to .jpg, .gif, and .png images. My first day I found .xls, extensions, and others stuff uploaded by hackers, before I figured out how to stop this. I further restricted uploads by anonymous users. 
#Uploads rules
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
#$wgEnableUploads       = false;
$wgEnableUploads = true;
#Only allow restricted uploads
$wgCheckFileExtensions = true;
$wgStrictFileExtensions = true;
$wgFileExtensions = array('png', 'gif', 'jpg'); 
#Permissions for uploads
#Not for Anonymous
$wgGroupPermissions['*']['upload'] = false;
$wgGroupPermissions['*']['reupload'] = false;
$wgGroupPermissions['*']['reupload-shared'] = false;
#Uploads (but not re-uploads) for Users
$wgGroupPermissions['user']['upload'] = true;
$wgGroupPermissions['user']['reupload']        = false;
$wgGroupPermissions['user']['reupload-shared'] = false;
#Sysops
$wgGroupPermissions['sysop']['upload'] = true;
$wgGroupPermissions['sysop']['reupload'] = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
As a further precaution, I made a separate images folder ( /etc/mediawiki/images ) that I use for my uploads. I then make an Alias to this folder in /etc/mediawiki/apache.conf: 
sudo nano /etc/mediawiki/apache.conf
and adding the line: 
Alias /images /etc/mediawiki/images
Lastly, I add a configuration file into the 'images' folder that prevents any scripts that (somehow) get uploaded from executing: 
cd /etc/mediawiki/images
sudo nano .htaccess
and adding the lines: 
Options -Indexes
# No php execution in the upload area
php_admin_flag engine off
Note: If you are using multiple wikis (as outline below), images are accessed through a script. Using the php_admin_flag engine off option will disable this ability. Therefore, do not use this line in .htaccess when creating multiple wikis. (For security options when using a multiple wiki farm, read about img_ath.php.)

See this section to see why I have taken these steps. It might seem paranoid, but I was hacked within one hour of installing MediaWiki the first time I installed it. Now that I've learned some basics about security, I've not been hacked again (to my knowledge!)

Increase PHP memory limits

  • If insufficient memory is allocated for PHP to process the wiki, an error ("memory exhausted") will result. This line in LocalSettings.php is pretty important, therefore, and should be near the beginning: 
# If PHP's memory limit is very low, some operations may fail.
ini_set( 'memory_limit', '96M' );

Increase PHP uploaded file size limits

  • The default for filesize uploads in MediaWiki is only 2 Mb, which is entirely insufficient for most purposes. Add these lines to LocalSettings.php to increase the maximum filesize for uploads: 
# Increase the maximum allowed filesize for uploads (in Mb)
ini_set( 'post_max_size', '50M' );
ini_set( 'upload_max_filesize', '50M' );
  • In addition, the global maximum file sizes allowed in PHP5 for Apache2 must be increased as well. The PHP scripting language is used for uploads. Absolute upload limits for the Apache webserver are set in a PHP configuration file and must be changed there.
  • Your uploads are probably larger than the default upload limits of PHP (set at 2 Mb, or "2M", by default), so we will need to increase those. In the example below, I will change the upload limit to 100 Mb ("100M"). Two parameters must be changed in the php.ini configuration file in /etc/php5/apache2 (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
cd /etc/php5/apache2
sudo kate php.ini
  • Change: 
post_max_size = 8M
to 
post_max_size = 100M
  • Change: 
upload_max_filesize = 2M
to 
upload_max_filesize = 100M
  • Save the file and restart apache2: 
sudo /etc/init.d/apache2 restart

Change the default logo

  • I tried to use the $wglogo setting in the LocalSettings.php file, but it did not work for me. Instead, I backed up the original logo file and replaced it with the file I want to use (in this example WikiLogo.png): 
sudo mv /usr/share/mediawiki/skins/common/images/wiki.png /usr/share/mediawiki/skins/common/images/wikioriginal.png
sudo cp /home/user/WikiLogo.png /usr/share/mediawiki/skins/common/images/wiki.png

A transparent background for the logo is desirable. (You can use Gimp to create an alpha transparency layer for any photo. See these instructions.) You can use Gimp or Gwenview to resize the image.

  • At the same time I set the "Favicon" (the small icon that appears in a browser's address bar or bookmark list) using the $wgFavicon setting in the LocalSettings.php file.

Make backups

MediaWiki saves its content files in whichever database you are using as a backend (MySQL or PostgreSQL). For a full backup, you would have to backup the MediaWiki database.

XML dump

It is easiest, however, to backup content with an XML dump, which can then be imported to future (or even past) versions of MediaWiki. See these instructions. In brief:

  • If you do not have a backup folder, make one now: 
sudo mkdir /etc/mediawiki/backups
sudo chmod -R 777 /etc/mediawiki/backups
  • Edit your LocalSettings.php file: 
sudo nano /etc/mediawiki/LocalSettings.php

and add the lines: 

##Database administrative user/password
$wgDBadminuser     = $wgDBuser;
$wgDBadminpassword = $wgDBpassword;
  • then run the XML dump script from a command-line terminal: 
sudo php /usr/share/mediawiki/maintenance/dumpBackup.php --current > /etc/mediawiki/backups/MediaWikiBackup_DateToday
Note: I usually specify today's date in place of DateToday.
Note: To use this, php5-cli must already have been installed: 
sudo apt-get install php5-cli
  • If you wish to protect this backup folder, you can change the permissions. 
sudo chmod -R 444 /etc/mediawiki/backups
Import XML dump

To import the XML dump you made: 

sudo php /usr/share/mediawiki/maintenance/importDump.php /etc/mediawiki/backups/MediaWikiBackup_DateToday

Note that when you import XML dumps, it maintains revision dates. if you have pages that are more recent than the imported pages, then the more recent pages will be retained. If you want to promote an imported page to the most recent page, you must do this in the page history section (like usual).

This drove me nuts until I figured this out, because, of course, when you upgrade or reinstall a wiki, the newly created Main Page will be the most recent (not the old Main Page from the imported wiki). The imported Main Page does not show up unless you promote the old version from the history file.

Export individual pages to XML

If you have sufficient privileges, you can export a page (or multiple pages) from within the wiki. For example, to export Ubuntuguide:Karmic :

Wiki -> toolbox -> Special pages -> Page tools -> Export pages ->
Large text box: Ubuntu:Karmic
Include only the current revision, not the full history: (ticked)
Include templates: (ticked)
Save as file: (ticked)

The saved XML file can then be imported into another MediaWiki wiki using

Wiki -> toolbox -> Special pages -> Page tools -> Import pages -> saved_export.xml

What I often do is look at the list of Special:AllPages and either copy the entire list or just the pages I want to back up into the Special:Export list.

Full system backup

To backup images, user settings, and other settings, you would also back up the file system (contained variably in the folders /etc/mediawiki, /var/lib/mediawiki, and usr/share/mediawiki). See the MediaWiki backup instructions.

Upgrading

See Upgrading MediaWiki.

  • The primary installation folder is at /usr/share/mediawiki, but user files are also stored in /etc/mediawiki and /var/lib/mediawiki.

Backup and restore the MySQL database

  • This is an alternative that is necessary if you wish to backup during a migration of your wiki. The best way is to backup the original database with a MySQL dump: 
mysqldump -u user -p databasename > wikidatabasebackupfile.sql
or, if on a remote host: 
mysqldump -h hostname -u username -p databasename > wikidatabasebackupfile.sql
Note that the username and password should be the username and password that were used to create the specific database (not the MySQL root username/password). (If you can't remember what they were, check the LocalSettings.php file for the $wgDBname, $wgDBuser, and $wgDBpassword values).
  • The database should be restored to an empty database in the new site, because if you re-install a new database in the new site and then attempt to restore your old backed-up database on top of it, there is likely to be incompatibilities between the two. Here the username and password are those for the new empty database just created. (It probably is best to make them the same as those of the imported database.) 
mysql -u username -p databasename < wikidatabasebackupfile.sql
Notes: This was successful for me only if backing up and restoring to exactly the same version of MediaWiki. I could not back up the database from one version of MediaWiki then restore to an upgraded version of MediaWiki, because the scripts of the upgraded version of MediaWiki did not access the database in the same manner. I therefore performed upgrades only after moving the database.

Empty a database

I hesitate to put these instructions here. Be careful. This erases your database. Use it only if you are confident that you have made good backups. I use this only if I have created a database by accident (during the MediaWiki installation process) and wish to erase/empty it. 

mysql -u root -p
mysql> DROP DATABASE mysqlexampledatabase;
mysql> quit

If your MySQL superuser name is something other than root, then use that, of course. Don't forget the semicolon ( ; ) at the end of each MySQL command.

Of course, once you erase the database, you must re-create a blank one for use with MediaWiki. 

sudo dpkg-reconfigure mediawiki

Then you can restore the backup (as created above with mysqldump) into the newly recreated (but still empty) database. 

mysql -u username -p databasename < wikidatabasebackupfile.sql

Moving a MediaWiki installation to a new site

  • Install mediawiki on the new site (sudo apt-get install mediawiki). When creating the database, use the same values as used on the old site. If you can't remember what they were, look at the /etc/mediawiki/LocalSettings.php (or similar) file for the old site (which contains the values for the old site).
  • On the new site, rename the newly created folders
  • /etc/mediawiki
  • /usr/share/mediawiki
  • /var/lib/mediawiki
to
  • /etc/mediawiki.bak
  • /usr/share/mediawiki.bak
  • /var/lib/mediawiki.bak
  • Copy the /etc/mediawiki , /usr/share/mediawiki , and /var/lib/mediawiki folders from the old site to the new site. (This needs to be done as the root user, which can be done with sudo dolphin).
  • Copy the database dumpfile from the old site to the new site.
  • Check the LocalSettings.php file (and other folder) permissions to make sure they match the permissions of the original system. (Sometimes during the copy process the ownership of all files and folders will be set to root.)

Notes: I have never been successful in performing an upgrade in the middle of this process. I recommend moving the site exactly, and then performing any upgrades after it is moved.

Install multiple MediaWiki sites

Multiple wikis

This method allows the installation of more than one wiki using different databases (on a single server using the same source code). This setup is transparent to users and is reasonably secure in terms of the images/files directory. This method also allows nested subwikis. Similar methods can be found at the Mediawiki wiki.

  • Install MediaWiki from packages as usual (if not already done). MediaWiki is installed by default to /usr/share/mediawiki. (If you wish to upgrade to a more recent version, extract the latest MediaWiki tar.gz archive into this folder.) A directory /etc/mediawiki is also created when installing from the package.
  • In this method, it is not necessary (nor recommended) to edit the /etc/mediawiki/apache.conf file (as is done in the single wiki installation).
  • Create a folder for each wiki (in this example named mywiki_1 and mywiki_2). 
sudo mkdir /etc/mediawiki/mywiki_1
sudo mkdir /etc/mediawiki/mywiki_2
  • Create an upload folder for images/files in each wiki folder: 
sudo mkdir /etc/mediawiki/mywiki_1/images
sudo mkdir /etc/mediawiki/mywiki_2/images

You can add an .htaccess file to each images folder (as described above) for better security.

  • The images folders should belong to the group www-data (the Apache2 group), and the group should have "Can View & Modify Content" permissions. 
sudo chown root:www-data /etc/mediawiki/mywiki_1/images
sudo chown root:www-data /etc/mediawiki/mywiki_2/images
sudo chmod 664 /etc/mediawiki/mywiki_1/images
sudo chmod 664 /etc/mediawiki/mywiki_2/images
  • Copy each 135x135 image that you wish to use as a wiki logo (in the upper left corner) into the /etc/mediawiki/mywiki_x/images folder of each of the wikis. Rename it WikiLogo.png in that folder.
  • Copy the LocalSettings.php configuration file for any existing wiki (if you have already created one) as a backup (just in case something goes wrong): 
sudo cp /etc/mediawiki/LocalSettings.php LocalSettings_backup.php
  • Note that you can also use this LocalSettings.php file for one of the wikis by copying it into one of the wiki subfolders and then editing the appropriate lines in the LocalSettings.php file once it is copied there (see below).
  • Rename the LocalSettings.php file in the original installation config folder to a backup, as well: 
 sudo mv /var/lib/mediawiki/config/LocalSettings.php LocalSettings_original.php
  • Edit the config file so it recognizes MediaWiki: 
sudo nano /etc/mediawiki/apache.conf

Uncomment (remove the #) the line: 

Alias /mediawiki /var/lib/mediawiki
  • Restart apache2: 
sudo /etc/init.d/apache2 restart
  • Give the /var/lib/mediawiki/config folder read/write permissions during installation: 
sudo chmod 777 /var/lib/mediawiki/config
  • Run/install MediaWiki from the (Konqueror/Firefox) web browser by logging into: 
http://localhost/mediawiki
  • Wiki name: My Wiki 1
  • Contact e-mail: webmaster@mydomain.org
  • Admin username: wiki1_admin -> Password: wiki1_admin_pw
  • Object caching: No caching
  • E-mail features (all): disabled (optional)
  • Database config: MySQL -> Database host: localhost -> Database name: wiki1db -> DB username: wiki1user -> DB password: wiki1pw -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: root_mysql_pw -> Database table prefix: wiki1_
  • Copy your LocalSettings.php configuration file to /etc/mediawiki/mywiki_1 (and make a backup of the original): 
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/mywiki_1
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_wiki1_install.php
  • Repeat the MediaWiki installation from the (Konqueror/Firefox) web browser by again logging into: 
http://localhost/mediawiki
  • Wiki name: My Wiki 2
  • Contact e-mail: webmaster@mydomain.org
  • Admin username: wiki2_admin -> Password: wiki2_admin_pw
  • Object caching: No caching
  • E-mail features (all): disabled (optional)
  • Database config: MySQL -> Database host: localhost -> Database name: wiki2db -> DB username: wiki2user -> DB password: wiki2pw -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: root_mysql_pw -> Database table prefix: wiki2_
  • Copy your LocalSettings.php configuration file to /etc/mediawiki/mywiki_2 (and make a backup of the original): 
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/mywiki_2
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_wiki2_install.php
  • You can repeat this multiple times if you want more wikis.
  • Re-edit the config file: 
sudo nano /etc/mediawiki/apache.conf

Re-comment (add the #) the line: 

#Alias /mediawiki /var/lib/mediawiki
  • Restart apache2: 
sudo /etc/init.d/apache2 restart
  • Edit your LocalSettings.php configuration file for each wiki (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/mediawiki/mywiki_1/LocalSettings.php
sudo kate /etc/mediawiki/mywiki_2/LocalSettings.php
Make sure the following lines are included in the LocalSettings.php file, replacing similar lines that already exist in the file and substituting mywiki_1 or mywiki_2 where appropriate: 
# If PHP's memory limit is very low, some operations may fail.
ini_set( 'memory_limit', '96M' );
#
#$wgScriptPath             = "/mediawiki";
$wgScriptPath              = "/mywiki_1";
$wgLogo                    = "$wgScriptPath/images/WikiLogo.png";
#
$wgUploadDirectory         = $_SERVER['DOCUMENT_ROOT'].'/mywiki_1/images';
$wgUploadPath              = "$wgScriptPath/images";
#
#Database administrative user/password
$wgDBadminuser             = $wgDBuser;
$wgDBadminpassword         = $wgDBpassword;
#
#These are set for initial maximum security. They can be changed later.
#
#User restrictions
#Account creation by anonymous users
$wgGroupPermissions['*']['createaccount']       = false;
#Account creation by registered users
$wgGroupPermissions['user']['createaccount']    = false;
#Account creation by sysops
$wgGroupPermissions['sysop']['createaccount']   = true;
#
#Anonymous user permissions
$wgGroupPermissions['*']['edit']                = false;
$wgGroupPermissions['*']['createpage']          = false;
$wgGroupPermissions['*']['createtalk']          = false;
#
#Uploads rules
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
#$wgEnableUploads                               = false;
$wgEnableUploads                                = true;
#Only allow restricted uploads
$wgCheckFileExtensions                          = true;
$wgStrictFileExtensions                         = true;
$wgFileExtensions          = array('png', 'gif', 'jpg'); 
#Permissions for uploads
#Not for Anonymous
$wgGroupPermissions['*']['upload']              = false;
$wgGroupPermissions['*']['reupload']            = false;
$wgGroupPermissions['*']['reupload-shared']     = false;
#Uploads (but not re-uploads) for Users
$wgGroupPermissions['user']['upload']           = true;
$wgGroupPermissions['user']['reupload']         = false;
$wgGroupPermissions['user']['reupload-shared']  = false;
#Sysops
$wgGroupPermissions['sysop']['upload']          = true;
$wgGroupPermissions['sysop']['reupload']        = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
#
#For ReCaptcha -- this requires installing the Recaptcha extension
#
#require_once( "$IP/extensions/recaptcha/ReCaptcha.php" );
# Sign up for these at http://recaptcha.net/api/getkey
#$recaptcha_public_key = ' xyxyxyxyxyxyxyxyx ';
#$recaptcha_private_key = ' ababababababababa ';
#
#The clears the cache daily, which I use to change rotating content (pictures, fortunes, etc.) daily.
#
require("includes/GlobalFunctions.php");
$wgCacheEpoch = wfTimestamp( TS_MW, time() - 86400 ); # 60*60*24 = 1 day
In addition, a private wiki page should only be able to be read by registered users, so add these lines to LocalSettings.php for any private wiki: 
#This example will disable viewing of all pages not listed in $wgWhitelistRead, then re-enable for registered users only:
$wgGroupPermissions['*']['read']    = false;
# The following line is not actually necessary, since it's in the defaults. Setting
# '*' to false doesn't disable rights for groups that have the right separately set
# to true!
$wgGroupPermissions['user']['read'] = true;
  • Link the files from your installation directory to each wiki folder: 
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/mywiki_1/.
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/mywiki_2/.
  • For each wiki, create a subfolder in the Apache2 folder /var/www. 
sudo mkdir /var/www/Mywiki_1
sudo mkdir /var/www/MyWiki_2
  • For each wiki, create a symbolic link from the Apache2 subfolder to the main wiki folder: 
sudo ln -s /etc/mediawiki/mywiki_1 /var/www/MyWiki_1/mywiki_1
sudo ln -s /etc/mediawiki/mywiki_2 /var/www/MyWiki_2/mywiki_2
Note: It is possible to create nested subwikis for each of the primary wikis. See the next section.
  • For each wiki, create and edit a virtual host (vhost) Apache2 configuration file (e.g. /etc/apache2/sites-available/mywiki_1vhost). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.): 
sudo kate /etc/apache2/sites-available/mywiki_1vhost
so that the lines are similar to: 
<VirtualHost *:80>
UseCanonicalName off
#
DocumentRoot /var/www/MyWiki_1
DirectoryIndex index.php index.html
#
ServerName mywiki_1.mydomain.org
ServerAlias *.mywiki_1.mydomain.org
# 
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^subwiki1*
RewriteCond %{REQUEST_URI}  !^subwiki2*
RewriteRule   ^/(/.*|)$  /mywiki_1/$1  [R]
#
<Directory /var/www/MyWiki_1>
Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
#AllowOverride None
Order allow,deny
allow from all
</Directory>
# 
</VirtualHost>
Create a virtual host file for mywiki_2 as well.
Pay attention to the rewrite rule: 
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^subwiki1*
RewriteCond %{REQUEST_URI}  !^subwiki2*
RewriteRule   ^/(/.*|)$  /mywiki_1/$1  [R]

This is a complex rule that means that as long as the REQUEST_URI (which is the part after the server name, i.e. http://mywiki_x.mydomain.org/REQUEST_URI) does not match subwiki1 or subwiki2 (the symbol ! means not), then use mywiki_1 as the default directory. This rule allows the use not only of a primary wiki but also subwikis (see the next section) for each of the primary wikis.

  • Remember that your virtual host configuration files won't be active until you make symbolic links: 
sudo ln -s /etc/apache2/sites-available/mywiki_1vhost /etc/apache2/sites-enabled
sudo ln -s /etc/apache2/sites-available/mywiki_2vhost /etc/apache2/sites-enabled
  • Make sure the rewrite engine is enabled: 
sudo a2enmod rewrite
  • Restart Apache: 
sudo /etc/init.d/apache2 restart
  • The two separate wiki sites will now be available:
http://mywiki_1.mydomain.org
and
http://mywiki_2.mydomain.org

Multiple subwikis

MediaWiki is a very powerful system, but you must choose whether to make it completely public or completely private (it does not yet have fine-grained per-page access controls). One solution is to create one subwiki for private usage and another subwiki for public display.

Below is outlined a method for creating multiple subwikis. Each subwiki will have its own database and its own LocalSettings.php configuration file as well as Images (/Files) directory. However, all the subwikis will share the underlying MediaWiki code (stored in the installation directory). When it is time to upgrade, the files in the installation directory can be upgraded without risking the loss of the files in each subwiki folder.

I have adapted information originally posted here and here. (None of the independent instructions on those sites worked for me, however, so I used a combination of all of them.)

The instructions below worked for me on (K)Ubuntu 9.04 (Jaunty), 9.10 (Karmic), and 10.04 (Lucid) using MediaWiki 1.13 and 1.15 and PHP5.

  • Install MediaWiki from packages as usual (if not already done). MediaWiki is installed by default to /usr/share/mediawiki. (If you wish to upgrade to a more recent version, extract the latest MediaWiki tar.gz archive into this folder.) A directory /etc/mediawiki is also created when installing from the package.
  • In this method, it is not necessary (nor recommended) to edit the /etc/mediawiki/apache.conf file (as is done in the single wiki installation).
  • Create a folder for each subsite (in this example named subwiki1 and subwiki2). 
sudo mkdir /etc/mediawiki/subwiki1
sudo mkdir /etc/mediawiki/subwiki2
  • Create an upload folder for images/files in each subwiki folder: 
sudo mkdir /etc/mediawiki/subwiki1/images
sudo mkdir /etc/mediawiki/subwiki2/images

You can add an .htaccess file to each images folder (as described above) for better security.

  • The images folders should belong to the group www-data (the Apache2 group), and the group should have "Can View & Modify Content" permissions. 
sudo chown root:www-data /etc/mediawiki/subwiki1/images
sudo chown root:www-data /etc/mediawiki/subwiki2/images
sudo chmod 664 /etc/mediawiki/subwiki1/images
sudo chmod 664 /etc/mediawiki/subwiki2/images
  • Copy each 135x135 image that you wish to use as a wiki logo (in the upper left corner) into the /etc/mediawiki/subwikix/images folder of each of the subwikis. Rename it WikiLogo.png in that folder.
  • Copy the LocalSettings.php configuration file for any existing wiki (if you have already created one) as a backup (just in case something goes wrong): 
sudo cp /etc/mediawiki/LocalSettings.php LocalSettings_backup.php
  • Note that you can also use this LocalSettings.php file for one of the subwikis by copying it into a subwiki folder and then changing the appropriate lines in the LocalSettings.php file once it is copied there (see below).
  • Rename the LocalSettings.php file in the original installation config folder to a backup, as well: 
 sudo mv /var/lib/mediawiki/config/LocalSettings.php LocalSettings_original.php
  • Run/install MediaWiki from the (Konqueror/Firefox) web browser by logging into: 
http://localhost/mediawiki
  • Wiki name: My Subwiki 1
  • Contact e-mail: webmaster@mydomain.org
  • Admin username: wiki1_admin -> Password: wiki1_admin_pw
  • Object caching: No caching
  • E-mail features (all): disabled (optional)
  • Database config: MySQL -> Database host: localhost -> Database name: subwiki1db -> DB username: subwiki1user -> DB password: subwiki1pw -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: root_mysql_pw -> Database table prefix: subwiki1_
  • Copy your LocalSettings.php configuration file to /etc/mediawiki/subwiki1 (and make a backup of the original): 
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/subwiki1
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_subwiki1_install.php
  • Repeat the MediaWiki installation from the (Konqueror/Firefox) web browser by again logging into: 
http://localhost/mediawiki
  • Wiki name: My Subwiki 2
  • Contact e-mail: webmaster@mydomain.org
  • Admin username: wiki2_admin -> Password: wiki2_admin_pw
  • Object caching: No caching
  • E-mail features (all): disabled (optional)
  • Database config: MySQL -> Database host: localhost -> Database name: subwiki2db -> DB username: subwiki2user -> DB password: subwiki2pw -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: root_mysql_pw -> Database table prefix: subwiki2_
  • Copy your LocalSettings.php configuration file to /etc/mediawiki/subwiki2 (and make a backup of the original): 
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/subwiki2
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_subwiki2_install.php
  • You can repeat this multiple times if you want more wikis.
  • The LocalSettings.php configuration file for each wiki must be edited. See this tutorial. There are many security settings that must be changed before going live, or the site will certainly be hacked.
Edit your LocalSettings.php configuration file for each subwiki (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/mediawiki/subwiki1/LocalSettings.php
sudo kate /etc/mediawiki/subwiki2/LocalSettings.php
Make sure the following lines are included in the LocalSettings.php file, replacing similar lines that already exist in the file and substituting subwiki1 or subwiki2 where appropriate: 
# If PHP's memory limit is very low, some operations may fail.
ini_set( 'memory_limit', '96M' );
#
#$wgScriptPath             = "/mediawiki";
$wgScriptPath              = "/subwiki1";
$wgLogo                    = "$wgScriptPath/images/WikiLogo.png";
#
$wgUploadDirectory         = $_SERVER['DOCUMENT_ROOT'].'/subwiki1/images';
$wgUploadPath              = "$wgScriptPath/images";
#
#Database administrative user/password
$wgDBadminuser             = $wgDBuser;
$wgDBadminpassword         = $wgDBpassword;
#
#These are set for initial maximum security. They can be changed later.
#
#User restrictions
#Account creation by anonymous users
$wgGroupPermissions['*']['createaccount']       = false;
#Account creation by registered users
$wgGroupPermissions['user']['createaccount']    = false;
#Account creation by sysops
$wgGroupPermissions['sysop']['createaccount']   = true;
#
#Anonymous user permissions
$wgGroupPermissions['*']['edit']                = false;
$wgGroupPermissions['*']['createpage']          = false;
$wgGroupPermissions['*']['createtalk']          = false;
#
#Uploads rules
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
#$wgEnableUploads                               = false;
$wgEnableUploads                                = true;
#Only allow restricted uploads
$wgCheckFileExtensions                          = true;
$wgStrictFileExtensions                         = true;
$wgFileExtensions          = array('png', 'gif', 'jpg'); 
#Permissions for uploads
#Not for Anonymous
$wgGroupPermissions['*']['upload']              = false;
$wgGroupPermissions['*']['reupload']            = false;
$wgGroupPermissions['*']['reupload-shared']     = false;
#Uploads (but not re-uploads) for Users
$wgGroupPermissions['user']['upload']           = true;
$wgGroupPermissions['user']['reupload']         = false;
$wgGroupPermissions['user']['reupload-shared']  = false;
#Sysops
$wgGroupPermissions['sysop']['upload']          = true;
$wgGroupPermissions['sysop']['reupload']        = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
#
#For ReCaptcha -- this requires installing the Recaptcha extension
#
#require_once( "$IP/extensions/recaptcha/ReCaptcha.php" );
# Sign up for these at http://recaptcha.net/api/getkey
#$recaptcha_public_key = ' xyxyxyxyxyxyxyxyx ';
#$recaptcha_private_key = ' ababababababababa ';
#
#The clears the cache daily, which I use to change rotating content (pictures, fortunes, etc.) daily.
#
require("includes/GlobalFunctions.php");
$wgCacheEpoch = wfTimestamp( TS_MW, time() - 86400 ); # 60*60*24 = 1 day
In addition, a private wiki page should only be able to be read by registered users, so add these lines to LocalSettings.php for any private subwiki: 
#This example will disable viewing of all pages not listed in $wgWhitelistRead, then re-enable for registered users only:
$wgGroupPermissions['*']['read']    = false;
# The following line is not actually necessary, since it's in the defaults. Setting
# '*' to false doesn't disable rights for groups that have the right separately set
# to true!
$wgGroupPermissions['user']['read'] = true;
  • Create a subfolder in the Apache2 folder /var/www. 
sudo mkdir /var/www/Mywiki
Note: It is possible to create multiple primary wikis, each with several subwikis. Each primary wiki should have its own subfolder in the Apache2 folder /var/www. See this section.
  • Create symbolic links from the Apache2 subfolder to the subwiki folders: 
sudo mkdir /var/www/MyWiki
sudo ln -s /etc/mediawiki/subwiki1 /var/www/MyWiki/subwiki1
sudo ln -s /etc/mediawiki/subwiki2 /var/www/MyWiki/subwiki2
  • Link the files from your installation directory to each subwiki folder: 
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/subwiki1/.
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/subwiki2/.
  • Create and edit a virtual host (vhost) Apache2 configuration file (e.g. /etc/apache2/sites-available/mywikivhost). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.): 
sudo kate /etc/apache2/sites-available/mywikivhost
so that the lines are similar to: 
<VirtualHost *:80>
UseCanonicalName off
#
DocumentRoot /var/www/MyWiki
DirectoryIndex index.php index.html
#
ServerName mywiki.mydomain.org
ServerAlias *.mywiki.mydomain.org
# 
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^subwiki1*
RewriteCond %{REQUEST_URI}  !^subwiki2*
RewriteRule   ^/(/.*|)$  /subwiki1/$1  [R]
#
<Directory /var/www/MyWiki>
Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
#AllowOverride None
Order allow,deny
allow from all
</Directory>
# 
</VirtualHost>
Pay attention to the rewrite rule: 
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^subwiki1*
RewriteCond %{REQUEST_URI}  !^subwiki2*
RewriteRule   ^/(/.*|)$  /subwiki1/$1  [R]

This is a complex rule that means that as long as the REQUEST_URI (which is the part after the server name, i.e. http://mywiki.mydomain.org/REQUEST_URI) does not match subwiki1 or subwiki2 (the symbol ! means not), then use subwiki1 as the default directory.

  • Remember that your virtual host configuration file won't be active until you make a symbolic link: 
sudo ln -s /etc/apache2/sites-available/mywikivhost /etc/apache2/sites-enabled
  • Make sure the rewrite engine is enabled: 
sudo a2enmod rewrite
  • Restart Apache: 
sudo /etc/init.d/apache2 restart
  • The two separate wiki sites will now be available:
http://mywiki.mydomain.org or http://mywiki.mydomain.org/subwiki1
and
http://mywiki.mydomain.org/subwiki2

Troubleshooting

  • If you are trying to add more subsites to an existing multi-site installation, then you must have only one Apache2 virtual host configuration file pointing to MediaWiki. That virtual host configuration file must point to the main installation files (/usr/share/mediawiki) as if you were installing a single user for the first time. (This is necessary for the installation scripts to create the new database properly.)
This is most easily done by deleting the links in the /etc/apache2/sites-enabled folder that correspond to the already existing subsite virtual hosts configuration files located in the /etc/apache2/sites-available folder. (You can leave the files in the /etc/apache2/sites-available folder alone). Then restart apache2 ( sudo /etc/init.d/apache2 restart).
Then make sure that you have a single virtual host file that points to /usr/share/mediawiki in the /etc/apache2/sites-available folder, as well as a link to it in the /etc/apache2/sites-enabled folder. Then restart apache2 (sudo /etc/init.d/apache2 restart) again.
After you have finished an additional installation, you can re-enable the specific subsite virtual host configuration files in the /etc/apache2/sites-available folder by again making links from them into the /etc/apache2/sites-enabled folder (and, of course, restarting apache2).
  • Pay close attention to the variable in LocalSettings.php: 
$wgScriptPath = "/mediawiki";

If using multiple wikis, this should be changed.

  • If your virtual hosts and /var/www symbolic links point the URL directly to the folder in which the subwiki resides, then the variable should be: 
$wgScriptPath = "";
For example, if subwiki_1 is located at /etc/mediawiki/subwiki_1 and the virtual host file points the URL to the directory /var/www/subwiki_1, which is symbolically linked to /etc/mediawiki/subwiki_1 using 
sudo ln -s /etc/mediawiki/subwiki_1 /var/www/subwiki_1
then in LocalSettings.php the $wgScriptPath variable should be: 
$wgScriptPath = "";
  • If you are using multiple subwikis of the format www.mydomain.org/Subwiki_2 and www.mydomain.org/Subwiki_3, and there is a folder /var/www/Wikis with symbolic links to the various subwikis: 
sudo ln -s  sudo ln -s /etc/mediawiki/subwiki_2 /var/www/Wikis/subwiki_2
sudo ln -s  sudo ln -s /etc/mediawiki/subwiki_3 /var/www/Wikis/subwiki_3
and the virtual host file for www.mydomain.org points only to the directory /var/www/Wikis, then in LocalSettings.php the $wgScriptPath variables should be: 
$wgScriptPath = "/subwiki_2";
or 
$wgScriptPath = "/subwiki_3";

Build your site

You should be ready to go. Start building your site.

Mediawiki site building tips

Introduction

MediaWiki is one of the most widely used wiki servers in the world. It is the software used by Wikipedia. It is free and open source and can be customised to many different uses by installing additional modules. This page is a cookbook of how I set up a MediaWiki site and may be helpful for getting an initial site customized. I am assuming you have one (or multiple) MediaWiki installations running using these instructions.

Choose the Main Page

Edit the page " Mediawiki:Mainpage " from within your wiki and as content enter the name of the page you wish to designate as your main page. For more info, see this section of the Mediawiki FAQ.

Add Spam filters

See this article for several effective methods for stopping MediaWiki spam.

Captcha

ConfirmEdit

The ConfirmEdit extension is a way to combat automated (spam) edits using a simple text, math, or question-based Captcha mechanism. Install: 

sudo wget http://upload.wikimedia.org/ext-dist/ConfirmEdit-MW1.16-r62678.tar.gz
sudo tar -xzf ConfirmEdit-MW1.16-r62678.tar.gz -C /var/lib/mediawiki/extensions
sudo rm ConfirmEdit-MW1.16-r62678.tar.gz
  • Add the following line near the end of LocalSettings.php: 
require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );

ReCaptcha

ReCaptcha is a webservice Captcha module to present a text challenge for user-input that is unreadable by computer bots, lessening the chance of automated input (spam and vandalism). This can be used for wikis and for other uses. A ReCaptcha extension for MediaWiki is available.

  • Download and install: 
cd /var/lib/mediawiki/extensions
sudo wget -O currentrecaptcha.zip http://recaptcha.googlecode.com/files/recaptcha-mediawiki-1.7.zip
sudo unzip currentrecaptcha.zip
sudo rm currentrecaptcha.zip
  • Edit the Mediawiki LocalSettings.php file (assuming you put it in /etc/mediwiki). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.): 
sudo kate /etc/mediawiki/LocalSettings.php
and add the following lines: 
#For ReCaptcha
require_once( "$IP/extensions/recaptcha/ReCaptcha.php" );
# Sign up for these at http://recaptcha.net/api/getkey
$recaptcha_public_key = ' xyxyxyxyxyxyxyxyx ';
$recaptcha_private_key = ' ababababababababa ';
where xyxyxyxyxyxyxyxyx is the public key obtained in the previous step and ababababababababa is the private key.

Now ReCaptcha should appear automatically for new user sign-ups, anonymous edits that contain new external links, and brute-force password cracking attempts. Captcha behavior can be modified by adding lines to LocalSettings.php: 

// Fix the default captcha behaviour
$wgGroupPermissions['*'            ]['skipcaptcha'] = false;
$wgGroupPermissions['user'         ]['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
$wgGroupPermissions['bot'          ]['skipcaptcha'] = true; // registered bots
$wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;
#
$wgCaptchaTriggers['edit']          = true;
$wgCaptchaTriggers['create']        = true;
$wgCaptchaTriggers['createaccount'] = true;

Spam blacklist

SpamBlacklist is an extension that prevents edits that include one of the URLs in a spam list. The default blacklist is the one used by Wikimedia. Install: 

sudo mkdir /var/lib/mediawiki/extensions/SpamBlacklist
cd /var/lib/mediawiki/extensions/SpamBlacklist
sudo wget http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/SpamBlacklist/SpamBlacklist.php
sudo wget http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/SpamBlacklist/SpamBlacklist_body.php
sudo wget http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/SpamBlacklist/SpamBlacklist.i18n.php
sudo wget http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/SpamBlacklist/cleanup.php
sudo wget http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/SpamBlacklist/README
  • Add to the end of your LocalSettings.php file: 
#
# This is the SpamBlacklist from Wikimedia:
require_once( "$IP/extensions/SpamBlacklist/SpamBlacklist.php" );
#
$wgSpamBlacklistFiles = array("http://meta.wikimedia.org/wiki/Spam_blacklist");
#
  • Alternatively, you could download the Wikimedia blacklist from http://meta.wikimedia.org/wiki/Spam_blacklist into a file named wikimedia_blacklist that is stored in the /var/lib/mediawiki/extensions/SpamBlacklist folder. Then in LocalSettings.php use the variable: 
$wgSpamBlacklistFiles = array("$IP/extensions/SpamBlacklist/wikimedia_blacklist");
  • Add specific websites (or rules) to the pages:
  • MediaWiki:Spam-blacklist
and
  • MediaWiki:Spam-whitelist

Note: I advise putting an administrator lock on MediaWiki:Spam-whitelist.

Check Spambots

Check Spambots is an automated script that may be configured to query the one of several spambot or open-proxy-IP-address databases prior to allowing a user to perform a function. (APIs are required for several of these databases.) Install: 

sudo mkdir /var/lib/mediawiki/extensions/CheckSpambots
cd /var/lib/mediawiki/extensions/CheckSpambots
  • Copy the CheckSpambots.php script from this location and save it as /var/lib/mediawiki/extensions/CheckSpambots/CheckSpambots.php (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /var/lib/mediawiki/extensions/CheckSpambots/CheckSpambots.php

Also download and save into the /var/lib/mediawiki/extensions/CheckSpambots folder the files (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 

sudo kate /var/lib/mediawiki/extensions/CheckSpambots/check_spammers_plain.php

sudo kate /var/lib/mediawiki/extensions/CheckSpambots/en.php

sudo kate /var/lib/mediawiki/extensions/CheckSpambots/functions.php

sudo kate /var/lib/mediawiki/extensions/CheckSpambots/config.php

Edit the config.php to choose which databases to check, where to log results, and other variables.

  • Add to the end of your LocalSettings.php file these lines: 
#
# CheckSpambots 
#
require_once("extensions/CheckSpambots/CheckSpambots.php");
#
$wgEnableSorbs = false;
#

Note: The $wgEnableSorbs variable is not required with/after MediaWiki 1.16.

Bad Behavior

Bad Behavior is an extension (created for Wordpress blogs) which blocks e-mail harvesters, spambots, and other malicious intent. See the configuration settings. Install: 

cd /var/lib/mediawiki/extensions
sudo wget http://downloads.wordpress.org/plugin/bad-behavior.2.0.41.zip
sudo unzip bad-behavior.2.0.41.zip
sudo rm bad-behavior.2.0.41.zip
  • Towards the end of your LocalSettings.php file add the lines: 
#
# the Bad Behavior extension
#
include_once( "$IP/includes/DatabaseFunctions.php" );
include( "$IP/extensions/bad-behavior/bad-behavior-mediawiki.php" );
#
  • Bad-behavior logs to a database, which doesn't work for me. Turn this off by editing the bad-behavior-mediawiki.php file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /var/lib/mediawiki/extensions/bad-behavior/bad-behavior-mediawiki.php

and change the line: 

'logging' => true,
to 
'logging' => false,

AkismetKlik

AkismetKlik uses the Akismet engine (created for Wordpress blogs) to filter comment spammers.

ConfirmAccount

The Confirm Account extension disables direct account creation and requires the approval of new accounts by a bureaucrat. (As spam becomes increasingly prevalent, this maneuver often becomes necessary).

SideBar Donate

This SideBarDonateBox extension adds a PayPal donate button to the Sidebar. (Sign up with PayPal donate and generate the code for a Donate button first.) Install: 

sudo mkdir /var/lib/mediawiki/extensions/SidebarDonateBox
cd /var/lib/mediawiki/extensions/SidebarDonateBox
sudo wget http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/SidebarDonateBox/SidebarDonateBox.php
  • Add to the LocalSettings.php file code similar to this: 
# This is for the Sidebar PayPal button
#
require_once("$IP/extensions/SidebarDonateBox/SidebarDonateBox.php");
#
#$egSidebarDonateBoxContent = 'PayPal code';
#
$egSidebarDonateBoxContent = '<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="12345678">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>';
#
Replace the value 12345678 with the value for the PayPal Donate button generated for your account.

Google AdSense

Few websites make money from placing ads, anymore, simply because there are so many websites. (In 5 years I made no more than a dollar.) Still, Google Adsense is one of the few ways to easily place ads on your site. (Google is selective about its partners these days, so make sure your website is mature and fully functional before signing up with Google AdSense.)

  • Sign up for Google AdSense and wait for a confirmation e-mail (usually takes 2 days).
  • Create an ad unit as instructed in the confirmation e-mail.
  • Google AdSense -> AdSense Setup -> AdSense for Content
-> Ad unit - Choose if you just want images, text or both -> Continue
-> Format: 124 x 240 Vertical Banner
-> Colors: Graphite (or your preference)
-> Other desired settings -> Submit and get code
  • Save the generated code to a text file.

Google AdSense2

The MediaWiki Google AdSense 2 extension places an AdSense box in the MediaWiki sidebar. This has the advantage of being visible on every page. You must create a 124 x 240 Vertical Banner ad unit to use with it.

  • Download and install : 
sudo wget http://upload.wikimedia.org/ext-dist/GoogleAdSense-MW1.16-r61946.tar.gz
sudo tar -xzf GoogleAdSense-MW1.16-r61946.tar.gz -C /var/lib/mediawiki/extensions
  • Using the settings found in the generated code, edit your LocalSettings.php file, adding the lines: 
#
# This section is for Google AdSense
#
require_once( "$IP/extensions/GoogleAdSense/GoogleAdSense.php" );
$wgGoogleAdSenseClient = 'replace this with the client name';
$wgGoogleAdSenseSlot = 'replace this with the slot name';
$wgGoogleAdSenseID = 'replace this with your ID';
// Width of the AdSense box, specified in your AdSense account
$wgGoogleAdSenseWidth  = 120;
// Height of the AdSense box, specified in your AdSense account
$wgGoogleAdSenseHeight = 240;
// Source URL of the AdSense script
$wgGoogleAdSenseSrc    = "http://pagead2.googlesyndication.com/pagead/show_ads.js";
// Show the AdSense box only for anonymous users
$wgGoogleAdSenseAnonOnly = false;
#
  • While logged into your MediaWiki site as an administrator, edit the page Mediawiki:Common.css and add the lines: 
/* Pad Google AdSense box in portlet in sidebar */
#p-googleadsense .pBody {
 padding-top: 5px;
 text-align:  center;
}
  • Google AdSense will now appear in the sidebar. Obviously, users who block scripts (using NoScript, for example) or block ads (using Adblock Plus, for example) will not be able to view the ads. To test whether the ads display correctly, make sure your own script and ad blockers (if any) are turned off, as well.

Google AdSense

The original Google AdSense Mediawiki extension uses tags to place ads. Both this extension and the AdSense2 extension (for the sidebar) can be used simultaneously (as long as they are stored in differently-named extensions folders).

  • Download and extract: 
sudo wget -O GoogleAdSense.zip http://www.paulgu.com/files/getfile/getfile.php?id=10
sudo unzip GoogleAdSense.zip
sudo rm GoogleAdSense.zip
  • This will give you a folder named GoogleAdSense. However, this is the same folder name as the folder for Google AdSense2, so rename the folder while moving it to the extensions folder: 
sudo mv GoogleAdSense /var/lib/mediawiki/extensions/GoogleAdSense30
  • Generate a content ad unit in the Google AdSense account. Long horizontal ads can be created as 728 x 90. Copy the generated code into a file and save it for reference.
  • Edit the GoogleAdSense.php file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /var/lib/mediawiki/extensions/GoogleAdSense30/GoogleAdSense.php
  • Find the line: 
$PUBLISHER_ID = "pub-xxxxxxxxxxxxxxxx";

and replace pub-xxxxxxxxxxxxxxxx with the publisher ID (aka google_ad_client) that was generated during your ad unit code generation.

  • Find the line: 
'C01' => array('unitID' => 'xxx', 'width' => '728', 'height' => '90', 'position' => 'none'),

and replace xxx with the google_ad_slot number (such as 1234567890) that corresponds to the ad unit you wish to use. Note the C01. This will be the uid that corresponds to this ad unit. The width and height should correspond to those of the ad unit being used.

  • Edit your LocalSettings.php file and add the lines: 
#
# Google Adsense. Edit /var/lib/mediawiki/extensions/GoogleAdSense30/GoogleAdSense.php.
# Use tags such as <google uid="C01" position="none"></google>
#
include_once( "$IP/extensions/GoogleAdSense30/GoogleAdSense.php" );
#
  • Then you can place your ad on any page by placing a tag such as 
<google uid="C01" position="none"></google>

ShareThis

The ShareThis extension provides links to popular social bookmarking and news sources. It works without modification for the Monobook skin.

  • Install: 
sudo mkdir /var/lib/mediawiki/extensions/ShareThis
cd /var/lib/mediawiki/extensions/ShareThis

sudo kate /var/lib/mediawiki/extensions/ShareThis/ShareThis.php
This is a PHP script, so make sure the first line is: 
<?php
  • Install the associated icons: 
cd /usr/share/mediawiki/skins/common/images
sudo wget http://jimbojw.com/download/sharethis-icons.zip
sudo unzip sharethis-icons.zip
sudo rm sharethis-icons.zip
  • Edit your LocalSettings.php file and add the lines: 
#
# Add ShareThis to the sidebar
require_once( "$IP/extensions/ShareThis/ShareThis.php" );
$wgShowShareThisSidebar = true;
#

Facilitate printing to an eBook

Collections

The Collection extension facilitates grouping pages for export to PDF or other format. (See Wikieducator for an example). This is the system Wikipedia uses to create eBooks. It can be used with MediaWiki 1.14 or later. For more information see this article.

PdfBook

Some wiki users like to print out part or all of the wiki into an ebook (PDF format). This can be facilitated with the PdfBook extension. For more information see this article.

Add Quotations

Bashfr is an extension that uses a text file in the Fortune format and displays one random quote from that file.

  • Create a folder named bashfr in the extensions folder of your site. In a multi-site wiki, this will be at /etc/mediawiki/sites/subsite_x/extensions. Otherwise the default location is at /var/lib/mediawiki/extensions. 
sudo mkdir /var/lib/mediawiki/extensions/bashfr
  • Create a text file named bashfr.php in this directory into which you will copy the PHP code found here (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu). 
sudo kate /var/lib/mediawiki/extensions/bashfr/bashfr.php
  • Edit the LocalSettings.php file for your wiki and add these lines (towards the end of the file): 
# For the Bashfr quotations module
#
require_once("$IP/extensions/bashfr/bashfr.php");
#
  • Copy (or create) a text file in the Fortune format with a list of the quotations in it. It should look like: 
I reject your reality and substitute my own...
%
This is one of those "What the hell am I doing?" moments, over!
%
We got a robot in the water, he's stuffed with tuna and it's just another day here at Mythbusters.
  • It is possible to include a URL as the text in a quotation. (Most browsers will then automatically change the text into an actual link.) In this way, a list of random URL links can also be displayed through the Fortune display. 
My reality comes from http://ubuntuguide.org
%
When I wonder "What the hell I am doing?" I go to Kubuntuguide at http://ubuntuguide.org/wiki/Kubuntuguide
%
MediaWiki is the premier wiki. Visit their website: http://www.mediawiki.org/wiki/MediaWiki
  • Copy this file to the /var/lib/mediawiki/extensions/bashfr folder (or to your subsite's particular extensions folder) and rename it to bashfr_fortunes .
  • Wherever you want to place a random quotation from this file, place this tag on your MediaWiki page: 
<bashfr />
  • Add or edit quotations merely by editing the bashfr_fortunes text file. Be sure to maintain the format of a Fortune file (i.e. with a % symbol between each quotation).
  • Add these lines to the LocalSettings.php file so that a new quote appears every day (or more frequently by using a number smaller than 86400, which is the interval in seconds in which to clear the cache). 
# This clears the cache daily, which I use to change rotating content (pictures, fortunes, etc.) daily.
#
require("includes/GlobalFunctions.php");
$wgCacheEpoch = wfTimestamp( TS_MW, time() - 86400 ); # 60*60*24 = 1 day

Add Random elements as advertisements

Random is an extension that allows one (or more) of a selection of items (or wiki elements) in a list to be presented randomly. This extension allows wiki tags (and elements) so that a combination of images, text, and URL links can be presented together (which together would constitute a typical ad). This is useful for displaying advertisements specific to (and stored within) the wiki.

  • Create a folder named Random in the extensions folder of your site. In a multi-site wiki, this will be at /etc/mediawiki/sites/subsite_x/extensions. Otherwise the default location is at /var/lib/mediawiki/extensions. 
sudo mkdir /var/lib/mediawiki/extensions/Random
  • Create a text file named Random.php in this directory into which you will copy the PHP code found here (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu). 
sudo kate /var/lib/mediawiki/extensions/Random/Random.php
  • Edit the LocalSettings.php file for your wiki and add these lines (towards the end of the file): 
# For the Random extension, used to randomly select an item from a list
#
require_once("$IP/extensions/Random/Random.php");
#
  • An example use of this tag would resemble: 
 <random>
 <format>Visit our sponsor: [%ITEM%]</format>
 <item>http://ubuntuguide.org UbuntuGuide</item>
 <item>http://ubuntuguide.org/wiki/KubuntuGuide Kubuntuguide</item>
 <item>http://www.mediawiki.org MediaWiki</item>
 </random>

In this example, one of the three items in the list would be randomly selected to replace %ITEM%, yielding an external wiki link in this format: [http://ubuntuguide.org UbuntuGuide], which would appear on a wiki page: 

Visit our sponsor: UbuntuGuide
  • To create ads with images (that can be the size, shape, and format of an ad banner, for example), use this type of tag (note that the caption portion of the tag is only functional in MediaWiki 1.17 or later): 
<center>
<random>
<format>Visit our sponsor:<br>[[%ITEM%]]</format>
<item>File:Tech_tux.png|48px|center|link=http://ubuntuguide.org UbuntuGuide|Visit our sponsor: UbuntuGuide</item>
<item>File:ExampleAdPic2.png|55px|center|link=http://ubuntuguide.org/wiki/Kubuntuguide|Visit our sponsor: KubuntuGuide</item>
<item>File:ExampleAdPic3.jpg|center|link=http://exampleexternaldomain.info|caption</item>
</random>
</center>

yielding an external wiki link in this format: [[File:Tech_tux.png|48px|center|link=http://ubuntuguide.org|Visit our sponsor: UbuntuGuide]] which would appear (in versions prior to MediaWiki 1.17) on the wiki page:

Visit our sponsor:
Visit our sponsor: UbuntuGuide
  • The most robust method of creating ads would be to create a series of templates (each with an ad contained within the template). The Random extension would then be used to rotate the ad templates: 
 <random>
 <format>{{%ITEM%}}</format>
 <item>AdTemplate1</item>
 <item>AdTemplate2</item>
 <item>AdTemplate3</item>
 </random>

where AdTemplate1 would represent the wiki page at Template:AdTemplate1, AdTemplate2 would represent the wiki page at Template:AdTemplate2, and AdTemplate3 would represent the wiki page at Template:AdTemplate3. (In general it is best that an administator "protect" the Template:AdTemplateX pages.) If Template:AdTemplate1 were to contain code such as: 

 [[File:Tech_tux.png|48px|center|link=http://ubuntuguide.org|Visit our sponsor: UbuntuGuide]]
 <center>Visit our sponsor: [http://ubuntuguide.org UbuntuGuide]</center>

then the Random extension would yield {{AdTemplate1}} which (in versions prior to MediaWiki 1.17) would appear on a wiki page:

Visit our sponsor: UbuntuGuide
Visit our sponsor: UbuntuGuide
  • If desired, the tag code (with the list to be randomly rotated) can be placed in a template (e.g. Template:MyWikiSponsors ) and then just the corresponding template tag (e.g. {{MyWikiSponsors}} ) could be placed within a wiki page. (It is then highly recommended that a wiki administrator "protect" the template so it cannot be changed by casual wiki users.)
  • The {{MyWikiSponsors}} tag could then also be placed in a custom block in the Sidebar to enable a rotation of random "ad" presentations in the sidebar.
  • Add these lines to the LocalSettings.php file so that a new quote appears every day (or more frequently by using a number smaller than 86400, which is the interval in seconds in which to clear the cache). 
# This clears the cache daily, which I use to change rotating content (pictures, fortunes, etc.) daily.
#
require("includes/GlobalFunctions.php");
$wgCacheEpoch = wfTimestamp( TS_MW, time() - 86400 ); # 60*60*24 = 1 day

Customise the Sidebar

CustomNavBlocks is an extension that allows regular MediaWiki wiki pages to be used in the Sidebar. This allows extensive customisation of the sidebar, including the addition of any kind of element such as images, numbered lists, and nested lists.

  • Create a folder named CustomNavBlocks in the extensions folder of your site. In a multi-site wiki, this will be at /etc/mediawiki/sites/subsite_x/extensions. Otherwise the default location is at /var/lib/mediawiki/extensions. 
sudo mkdir /var/lib/mediawiki/extensions/CustomNavBlocks
  • Create a text file named CustomNavBlocks.php in this directory into which you will copy the PHP code found here (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu). 
sudo kate /var/lib/mediawiki/extensions/CustomNavBlocks/CustomNavBlocks.php
  • Alternatively, download and install the code directly into the extension folder (recommended): 
sudo mkdir /var/lib/mediawiki/extensions/CustomNavBlocks
cd /var/lib/mediawiki/extensions/CustomNavBlocks
sudo wget http://git.fsinf.at/mediawiki/customnavblocks/blobs/raw/master/CustomNavBlocks.php
  • Edit the LocalSettings.php file for your wiki and add these lines (toward the end of the file): 
# Installs the CustomNavBlocks extension, used to customise the MediaWiki Sidebar
#
require_once( "$IP/extensions/CustomNavBlocks/CustomNavBlocks.php" );
$wgCustomNavBlocksEnable = true;
#
  • Create a wiki page named MediaWiki:CustomNavBlocks. This stores the names of the individual wiki pages, each of which will comprise a custom Sidebar block. Edit the content to resemble: 
CustomBlockUbuntu|Ubuntu
CustomBlockKubuntu|Kubuntu
SEARCH
CustomBlockRecLinks|Recommended Links
CustomBlockSidebarAd|Sponsor
CustomBlock5|Title of Block 5
DONATE

Note that several special reserved words such as SEARCH and DONATE (if using the Sidebar Donate extension) can be used by themselves.

  • Create the individual wiki pages MediaWiki:CustomBlockUbuntu, MediaWiki:CustomBlockKubuntu, MediaWiki:CustomBlockRecLinks, MediaWiki:CustomBlockSidebarAd, MediaWiki:CustomBlock5, etc.

Edit each page to reflect the content you wish to appear in each block. It is possible to use regular wiki tags in these pages. Adjust the content and formatting of each page so that it appears in the Sidebar as desired.

  • Randomised content (including images) using the Random extension (as described above) can also be placed in a MediaWiki:CustomBlock page as a type of Sidebar Ad (with random ad rotation).
  • Each wiki page (used for the sidebar) should be "protected" by an administrator to prevent a casual wiki user from changing it. (Note: All wiki pages with the Mediawiki: prefix are automatically protected already, and can only be edited by administrators anyway (and therefore do not require additional protection.))

Change skins

Skins in MediaWiki are stored in /usr/share/mediawiki/skins and are particular to the version of MediaWiki in use. In MediaWiki 1.16, the 'vector' skin (the new default for Wikimedia and for the upcoming MediaWiki 1.17) can be chosen by editing the LocalSettings.php file and changing: 

$wgDefaultSkin = 'monobook';
to 
$wgDefaultSkin = 'vector';

Change background colours

The background colours are set in the CSS code for the skin being used. For example, if the Monobook skin is being used, the variables are found in /skins/monobook/main.css. There are background colours for many different areas of the wiki; each must be changed separately. Background colours are specified using certain words (such as white, grey, red, blue, green, yellow) or using hex-codes, examples of which are shown here. For example, the main body background colour is set to #f9f9f9 in /skins/monobook/main.css: 

body {
font: x-small sans-serif;
background: #f9f9f9 url(headbg.jpg) 0 0 no-repeat;
color: black;
margin: 0;
padding: 0;
}
or the content background colour set: 
#content {
background: white;
color: black;
border: 1px solid #aaa;
border-right: none;
line-height: 1.5em;
}

Add icons

A wide variety of GPL (and some LGPL) icons are available at Wikimedia Commons. There is also a large number of icons available in the OpenClipArt Library.

  • Icons on a page are best displayed at a size of 48 px. Small icons in a regular line of text are often displayed at 16 px. Icon files that have been saved as an image File in the wiki can then be displayed (see the MediaWiki Help:Images section for more info) using a tag in the generic format: 
[[File:filename.extension|options|altlabel|caption]]

where the |options|, |altlabel|, and |caption| sections are optional. (Note: the |caption| option only works in MediaWiki 1.17 and later, and then only displays if an |altlabel| is also designated.) For example: 

[[File:Prefapp1.png|center|link=http://ubuntuguide.org|16 px|Preferred app 1]]

where the |link=http://ubuntuguide.org| is an optional link for the icon, and can be the name of another internal wiki page (but without [[ ]] tags) or an external link (when preceded by http://). An "alt" label (which is displayed when the mouse is rolled over the icon) is included in this example but no caption. The |center| option is also optional, as is the display size |16px|.

Embed media into a document

  • If media files (such as .mp3 audio files) are to be uploaded directly into the wiki, make sure the upload of the media filetype is allowed by editing the $wgFileExtensions variable in LocalSettings.php so that it includes it. For example, to allow .mp3 files: 
$wgFileExtensions = array('pdf', 'png', 'gif', 'jpg', 'flv', 'swf', 'mp3');
  • Media files can be used as a link for any text using this type of tag: 
[[Media:MyMediaFile.mp3|any text you wish]]

As an example, this text has an audio file linked to it:

You Haven't ?

Embed a PDF document

  • If PDF files are to be uploaded directly into the wiki, make sure the upload of PDF files are allowed by editing the $wgFileExtensions variable in LocalSettings.php so that it includes pdf. For example: 
$wgFileExtensions = array('pdf', 'png', 'gif', 'jpg', 'flv', 'swf');

Use an external PDF viewer

This method is the easiest and most universal.

  • A PDF document is uploaded as a file into MediaWiki. A link placed in a wiki page of this format: 
[[Media:uploadedpdffile.pdf|Description of this PDF File]]
will access the uploaded file for display in an external PDF viewer (such as Okular, Evince, or Acrobat Reader).

Use Browser plugins

A PDF file can be displayed on a wiki page (using tags), but each user must have their browser configured to handle PDF files (with an appropriate plugin or a setting that directs the browser to an external viewer). An advantage of this method is that a PDF file can be viewed on the wiki page at the same time as additional text on the wiki page (that is not part of the PDF file). Not all browsers have a PDF-viewing plugin (such as this one for Firefox) available, however, so the desired result may not be displayed in every browser.

  • To display the PDF files within wiki pages, install the EmbedPDF plugin:
  • Create a folder for the extension: 
sudo mkdir /var/lib/mediawiki/extensions/embedpdf
  • Copy the EmbedPDF.php script from this location and save it as /var/lib/mediawiki/extensions/embedpdf/EmbedPDF.php (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /var/lib/mediawiki/extensions/embedpdf/EmbedPDF.php
  • Edit the LocalSettings.php file for your wiki and add these lines (towards the end of the file): 
#
# This section is for EmbedPDF tags
require_once("$IP/extensions/embedpdf/EmbedPDF.php");
#
  • Display an uploaded PDF file by using the tags on a wiki page similar to: 
<pdf>http://some.site.com/with/a/document.pdf</pdf>
or 
<pdf>Your_uploaded_document.pdf</pdf>

Use templates

This took me a long time to appreciate. I have now converted my wiki(s) so that all content is stored in templates, not on the actual wiki pages themselves. When content is stored in templates in this manner, the display of any wiki page can be changed merely by re-arranging the order of the templates (which contain the actual content) within it.

  • A template is designated by tags similar to {{MycontentTemplate1}} and {{MycontentTemplate2}} and content is then entered directly into the wiki pages that correspond to them: Template:MycontentTemplate1 and Template:MycontentTemplate2.
  • A wiki page that displays one way can then be created using 
{{MycontentTemplate1}}
{{MycontentTemplate2}}

or can be re-arranged to display differently merely by changing the order of the template tags: 

{{MycontentTemplate2}}
{{MycontentTemplate1}}

While this method of wiki creation takes extra steps to implement, in the long run it provides the greatest flexibility. If you intend to create a complex wiki, a plan that includes the liberal usage of templates (from the outset) will save a lot of time later on.

Add WebDAV storage

WebDAV is a method for online storage and versioning of documents with access control. It is sometimes useful to use WebDAV in conjunction with MediaWiki in order to store documents with different levels of security. WebDAV server functions are provided by the WebDAV module of the Apache2 server (on which MediaWiki also runs). See these WebDAV instructions,

Write a screenplay

Ok, this is a pretty esoteric use. I happen to use MediaWiki to write books and screenplays. The ScreenPlay extension allows me to format the text in the format required for screenplays.

  • Create a folder for the extension: 
sudo mkdir /var/lib/mediawiki/extensions/screenplay
  • Download and extract the extension: 
wget -O ScreenPlay.zip http://siege.org/pub/mwspe/ScreenPlay-0.5.php.zip
sudo unzip ScreenPlay.zip
sudo rm ScreenPlay.zip
  • Move the script into the extensions folder: 
sudo mv ScreenPlay*.php /var/lib/mediawiki/extensions/screenplay/ScreenPlay.php
  • Edit the LocalSettings.php file for your wiki and add these lines (towards the end of the file): 
#
# This section is for ScreenPlay tags
require_once("$IP/extensions/screenplay/ScreenPlay.php");
#
  • An example of the usage of this extension is at this Congo Kitabu screenplay site.

Import (K)Ubuntuguide into your site

  • How do I import a copy of (K)Ubuntuguide into my own wiki?
See this page for Ubuntuguide or this page for Kubuntuguide.

Troubleshooting

Mediawiki 1.15 on Firefox and Google tablet browsers

MediaWiki 1.15 does not display correctly in Google and Firefox browsers on tablets and mobile devices. To correct this, use the solution found here:

  • Edit /skins/common/wikibits.js with your text editor.
  • Comment (using // at the beginning of the relevant lines): 
var is_khtml = navigator.vendor == 'KDE' || 	
( document.childNodes && !document.all && !navigator.taintEnabled );
and 
} else if (is_khtml) { 	 
importStylesheetURI(stylepath+'/'+skin+'/KHTMLFixes.css');

Collections

The Collection extension facilitates grouping pages for export to PDF or other format. (See Wikieducator for an example). This is the system Wikipedia uses to create eBooks. It can be used with MediaWiki 1.14 or later. See this extensive tutorial. Also see instructions for using this extension as a Book tool.

  • Install cURL for Php5: 
sudo apt-get install php5-curl
  • Download the Collection extension and install: 
wget http://upload.wikimedia.org/ext-dist/Collection-MW1.16-r66255.tar.gz
sudo tar -xzf Collection-MW1.16-r66255.tar.gz -C /var/lib/mediawiki/extensions
sudo rm Collection-MW1.16-r66255.tar.gz
  • Edit LocalSettings.php and add the lines (for details on settings see this README): 
#
# Add the Collections modules and settings:
#
require_once("$IP/extensions/Collection/Collection.php");
#
#$wgCollectionMWServeURL = "(string)";  // URL of a render server (default "http://tools.pediapress.com/mw-serve/")
#$wgCollectionMWServeCert = "(string)";  // (string) = SSL certificate filename, PEM format, for mw-serve render server.
# Needed for self-signed certificates, otherwise cURL will throw an error. The default is null, i.e. no certificate.
#$wgCollectionMWServeCredentials = "(string)";  // "USERNAME:PASSWORD" (or "USERNAME:PASSWORD:DOMAIN" if you're using LDAP)
# Needed only if the MediaWiki requires to be logged in to view articles
#$wgCollectionFormats = array('rl' => 'PDF',) // Array of supported formats. Example: $wgCollectionFormats = array('rl' => 'PDF', 'odf' => 'ODT',);
#$wgCollectionArticleNamespaces = (array);
# List of namespace numbers for pages which can be added to a collection.
# Category pages (NS_CATEGORY) are always an exception (all articles in a
# category are added, not the category page itself). Default is::
# array(NS_MAIN, NS_TALK, NS_USER, NS_USER_TALK, NS_PROJECT, NS_PROJECT_TALK, NS_MEDIAWIKI, NS_MEDIAWIKI_TALK,
# 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111,);
#$wgCommunityCollectionNamespace = (integer); // Namespace for community (non-personal) collections (Default = ``NS_PROJECT``)
# Needed only if the system message Coll-community_book_prefix has not been set.
#$wgCollectionMaxArticles = (integer);  // Maximum number of articles allowed in a collection (Default 500)
#$wgCollectionLicenseName = "(string)"; // License name for articles in this MediaWiki (Default null)
# If set to ``null`` the localized version of the word "License" is used.
#$wgCollectionLicenseURL = "(string)"; // URL of an article containing the full license (Default null)
#$wgEnableWriteAPI = true; // Enables saving a collection as a wiki (Default = true)
#$wgGroupPermissions['user']['collectionsaveasuserpage'] = true;
#$wgGroupPermissions['autoconfirmed']['collectionsaveascommunitypage'] = true;
  • Edit the Template:Saved_book page and copy lines similar to those found here.

mwlib

The default for the Collections extension is to use the online renderer found at Pediapress. However, a local Python-based rendering server can be installed (mwlib) using these instructions.

Easy installation

  • Install pre-requisites: 
sudo apt-get install g++ perl python python-dev python-setuptools python-imaging

Note: python-setuptools >= 0.6c11 is required, but is not included in (K)Ubuntu Lucid or earlier. Download and install (using sudo dpkg -i) a newer python-setuptools .deb package from the Debian (unstable) repositories. Also required is a newer python-pkg-resources .deb package.

  • Download and install program files: 
sudo easy_install mwlib
  • Download and install the rendering library for PDF (ReportLab): 
sudo easy_install mwlib.rl

Building latest version from source

  • Install pre-requisites: 
sudo apt-get install make g++ perl python python-dev python-setuptools python-imaging re2c
  • Download the code: 
sudo git clone git://code.pediapress.com/mwlib
  • Build from the downloaded source: 
cd mwlib
sudo make
  • Install: 
sudo python setup.py build install

Test mwlib

  • Check installed renderers: 
mw-render --list-writers
  • Check help: 
mw-render --help
  • Render a test page, first from Wikipedia then from your own wiki: 
mw-render -w rl -o test.pdf -c http://en.wikipedia.org/w 'World Economic Forum'
and 
mw-render -w rl -o test.pdf -c http://mywiki.mydomain.org ' Sample Article '

Start the mw server

For detailed usage instructions see here.

  • Start the server. 
sudo mw-serve --protocol=http --port=8899 --interface=127.0.0.1 -d
or, simply 
sudo mw-serve -d

These settings are the default, except for -d. The -d switch indicates to run as a daemon. Although the default port is 8899, this can be changed. (Don't forget to open necessary firewalls and to forward ports on your router if the rendering server is to be publicly accessible.)

This command can be added as a startup command. For example, copy the command to a startup script (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 

sudo kate ~/.kde/Autostart/mwserver.sh

The command can also be added as a menu item.

The script or the menu item (as a Program) can also be added to the Autostart menu: 

K menu -> System -> System Settings -> Advanced -> Autostart -> Add Script... (or Add program...)
  • Edit the LocalSettings.php file so that the variable now reads: 
$wgCollectionMWServeURL = "http://127.0.0.1:8899";

Book Templates

PdfBook

(This method is complex and difficult to implement (but robust once accomplished). Compare to the Collections method that Wikipedia uses. This page is undergoing construction.)

Some wiki users like to print out part or all of the wiki into an ebook (PDF format). This can be facilitated with the PdfBook extension. For more information see this article.

  • Install the htmldoc module in your OS: 
sudo apt-get install htmldoc

wget http://upload.wikimedia.org/ext-dist/PdfBook-MW1.16-r60653.tar.gz
sudo tar -xzf PdfBook-MW1.16-r60653.tar.gz -C /var/lib/mediawiki/extensions
sudo rm PdfBook-MW1.16-r60653.tar.gz
  • Edit the LocalSettings.php file and add the lines: 
#
# PdfBook settings
#
require_once( "$IP/extensions/PdfBook/PdfBook.php" );
#
#$wgPdfBookLeftMargin 	 // 1cm     Default Left page margin
#$wgPdfBookRightMargin   // 1cm     Default Right page margin
#$wgPdfBookTopMargin 	 // 1cm     Default Top page margin
#$wgPdfBookBottomMargin  // 1cm     Default Bottom page margin
#$wgPdfBookFont          // Arial   Default font to use if unspecified in content
#$wgPdfBookFontSize      // 8       Default Point size of default font
#$wgPdfBookLinkColour 	 // 217A28  Default Colour to use when rendering hyperlinks in text
#$wgPdfBookTocLevels     // 2       Default Number of outline levels to use when building the table of contents
#$wgPdfBookExclude       // empty   Default List of article titles which should not be included in the book
#
  • There will be a Category:Books. Each book will have then its own separate Category named for the book (such as Category:MyBook1). Each chapter (or article) for the book will have a tag assigning it to that Category.
  • Create page named Category:MyBook1 and add the lines: 
{{pdf}}
{{book
 | name   = MyBook1
 | author = Perspectoff
 | buy    = [http://mypurchasesite.mydomain.org Purchase Site]<sup>(free delivery!)</sup>
 }}
[[Category:Books]]
  • Add any descriptive information about the eBook that you like. The chapters/articles to be included will be listed at the bottom as subcategories.
  • To each page that will be in the eBook, add a link within the page (top or bottom of the page): 
[[Category:MyBook1|042]]

where 042 represents the chapter/article number.

  • Edit the Template:pdf page to contain the lines: 
{{message|icon=[[File:Book.png|60px]]|text=This selection of articles can be  '''[{{fullurl:{{FULLPAGENAMEE}}|action=pdfbook}} downloaded as a PDF book]''' <small>(or as [{{fullurl:{{FULLPAGENAMEE}}|action=pdfbook&format=html}} html only])</small><br><small>(see [http://www.mediawiki.org/wiki/Extension:PdfBook PdfBook extension] for details about this functionality)</small>
 }}
  • Be sure to upload an image File (in this example named Book.png) to be used as the book icon.
  • Edit the Template:Message page to contain the lines: 
 {|style="width: 100%;margin: 15px 0 0 0;padding: 3px;border: 1px solid #ccc;background: #f4f4f4;text-align: left;vertical-align: top;"
  |-
  |
 {|style="background:none;border:none;margin:0;padding:0;vertical-align:middle;"
  |{{{icon|}}}
  |{{{text}}}
  |}
 |}<noinclude>

The message template is used to format other templates. It uses the class=message css tag within MediaWiki:Common.css.

  • Usage: 
{{Message|icon=[[Image:Info_Icon.png|50px]]|text=This is a test}}

creates: 

 {{Message|icon=[[Image:Info_Icon.png|50px]]|text=This is a test}}
 [[Category:Formatting templates]]</noinclude>
  • Edit the Template:Book and add the lines: 
<noinclude>{{info|This template should be included within any article which represents a book. The article title should be the same as the title of its corresponding book.<br>Articles which use this template are automatically categorised into [[:Category:Books]].}}
<br>
Until we have a semantic form, you can copy and paste the following parameters from the box into your new book article and replace the asterisks with the correct values
<br>
<pre>
{{Book
 |name = [[***]]
 |author = [[***]]
 |publisher = ***
 |buy = ***
 |ISBN = ***
 |keywords = ***
 |image = [[***]]
 }}
</pre>

Once you have saved the new article with information about the book, an entry for that book will appear in the [[:Category:Books|books category]] which will look like the example below, with proper values filled in.
[[Category:Required semantic forms]]
</noinclude>

{{Wbox|name=Book: {{{name}}}|content=
{{sbo}}{{!}}cellspacing=0 cellpadding=5 border=0
{{!}}-
{{!}}'''Author'''{{!!}}{{{author}}}
{{!}}rowspan=5 valign=top{{!}}{{#if:{{{image|}}}|[[Image:{{{image}}}|100px|right]]}}
{{!}}-
{{!}}'''Publisher'''{{!!}}{{{publisher}}}
{{!}}-
{{!}}'''Buy from'''{{!!}}{{{buy}}}
{{!}}-
{{!}}'''ISBN'''{{!!}}{{{ISBN}}}
{{!}}-
{{!}}'''Keywords'''{{!!}}{{{keywords}}}
{{!}}{{sbc}}
{{edit this form|Book}}
}}
<includeonly>[[Category:Books]]</includeonly>
<noinclude>[[Category:Records]][[Category:Organisational templates|{{PAGENAME}}]]</noinclude>
  • Edit the Template:Info page and add the lines: 
{{message|icon=[[File:Info256.png|40px]]|text={{{1}}}}}

<noinclude>[[Category:Formatting templates]]</noinclude>
Don't forget to upload an Info256.png image as an icon.
  • Edit the Template:Wbox page and add the lines: 
<includeonly>{| align={{{align|right}}} style="border-spacing:8px; margin:8px;"
{{#switch: {{{colour|purple}}} |
green={{!}} class="MainPageBG" style="width:{{{width|55}}}%; border:1px solid #cef2e0; background:#f5fffa; vertical-align:top; color:#000;"{{!}} |
blue={{!}} class="MainPageBG" style="width:{{{width|55}}}%; border:1px solid #cedff2; background:#f5faff; vertical-align:top"{{!}}|
purple={{!}} class="MainPageBG" style="width:{{{width|100}}}%; border:1px solid #ddcef2; background:#faf5ff; vertical-align:top; color:#000;"{{!}}
}}
{|width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top; background:{#switch:  {{{colour|purple}}}|green=#f5fffa;|#faf5ff; color:#000}};"
! <div style="margin:0; background:{{#switch: {{{colour|purple}}}|green=#cef2e0|blue=#cedff2|#ddcef2}}; font-size:120%; font-weight:bold; border:1px solid {{#switch: {{{colour|purple}}}|green=#a3bfb1|#afa3bf}}; text-align:left; color:#000; padding:0.2em 0.4em;">{{#if: {{{content|}}} | {{{name}}} | {{fullurl:{{{name}}}|2=action=edit}} }}</div>
|-
|style="color:#000;"| {{#if: {{{content|}}} | {{{content}}} | {{:{{{name}}}}} }}
|-
|}
|}
</includeonly>

<noinclude>==Usage==
*name = article name, name used in box, if {{{contents}}} is omitted, then the name is a link, and {{{name}}} is transcluded under the box 
*contents = optional, if supplied the wikitext is placed under the box
*colour = green|blue|purple (default)
*align = left|center|right (default)
*width = pixel number (300 default)

=== Examples ===
Wikitext content;
<pre>
{{Wbox|name=Foo|content=Fodda|colour=purple|align=center|width=100}}
{{Wbox|name=Foo|content=Fodda|colour=green|align=center|width=100}}
{{Wbox|name=Foo|content=Fodda|colour=blue|align=center|width=100}}
</pre>
Renders;
{| =
|- align="center" valign="top"
| {{Wbox|name=Foo|content=Fodda|colour=purple|align=center|width=100}}
| {{Wbox|name=Foo|content=Fodda|colour=green|align=center|width=100}}
| {{Wbox|name=Foo|content=Fodda|colour=blue|align=center|width=100}}
|}

</noinclude>

Drupal6 tips

Drupal (Web content publishing)

Drupal is the leading open-source package for website creation and content collaboration. A modular approach to website building, from simple out-of-the-box websites to complex sites, is possible with a short learning curve. Get more info on how to get started. Drupal requires an installation of a LAMP server stack; if you have not already installed LAMP, it will be installed along with Drupal 6. I have found it easier to use the MySQL database (the "M" in LAMP), but Drupal6 can also integrate with PostgreSQL if you have it installed. Drupal is available as a package, or from the command-line terminal: 

sudo apt-get install drupal6
  • After everything is installed (and the problems below sorted out), make sure the apache2 rewrite engine module is enabled, then restart the apache2 server: 
sudo a2enmod rewrite
sudo /etc/init.d/apache2 restart
  • Finish installation through your browser: 
http://localhost/drupal6/install.php

Installation quirks

Exim vs. Postfix

Exim and Postfix are mail handlers. I had installed Postfix at the time I installed my Ubuntu server (but was not using it). But Drupal uses Exim and therefore removes Postfix at installation and installs Exim instead. Therefore, it is better not to use Drupal on a mail server that uses Postfix.

Folder permissions

The files folder must belong to the www-data group, and the group must have "Can View & Modify Content" permissions.

The dbconfig.php file must belong to the www-data group, and the group must have "Can read" permissions.

Prior to the initial installation through the browser, make sure the settings.php file initially has "Can View & Modify Content" permissions set for Owner, Group, and Others. If it doesn't, an installation error will be generated. (As part of the installation process, the permissions will subsequently be adjusted to their final desired settings automatically.)

Browser installation

Status report

Updates

You may get the message that you need to update. The message won't go away. It's less easy once you've set up your site, so you should do it now.

  • Download the recommended update to your /etc/drupal folder and extract it. For example: 
cd /etc/drupal
sudo wget -O drupal-current.tar.gz http://ftp.drupal.org/files/projects/drupal-6.16.tar.gz
sudo tar zxvf drupal-current.tar.gz
  • Read the UPGRADE.txt file that was extracted. It has complete details how to upgrade. The following instructions are for first time installation only, since I am not backing up the databases (which is a step you should not skip if you have already been using Drupal):
  • Go offline:
http://localhost/drupal6/?q=admin/settings/site-maintenance -> Offline
or
Drupal -> Administer -> Site configuration -> Site maintenance -> off-line -> Save configuration
  • Copy all the files that were extracted into the installation directory (which is /usr/share/drupal6): 
sudo cp -rf /etc/drupal/drupal-6.16/* /usr/share/drupal6
Note: the option -f forces the old files to be overwritten.
  • Update the core database tables using the provided script:
http://localhost/drupal6/update.php
  • Go back online:
http://localhost/drupal6/?q=admin/settings/site-maintenance -> Online

There are lots of other steps to take if you are already using Drupal, so read the UPGRADE.txt file carefully.

  • If you are upgrading a multi-site version, it is trickier. If the core modules and themes were originally copied to the /etc/drupal/6/sites/all folder, the newly-updated core modules and themes should again be copied there. (Be careful, though, not to overwrite your own customized themes if you have already created some or modified the originals.) 
sudo cp -rf /etc/drupal/drupal-6.16/modules/* /etc/drupal/6/sites/all/modules
sudo cp -rf /etc/drupal/drupal-6.16/themes/* /etc/drupal/6/sites/all/themes
Each of the multiple sites must then be updated individually.

Note: Many users do not use customized themes and prefer to have the core modules and themes always updated along with their core Drupal updates. For these users, it is best not to copy the core modules and themes into the /etc/drupal/6/sites/all folder. (Whenever the core installation is then updated, therefore, the modules and themes in the core installation directory (i.e. /usr/share/drupal6) will be simultaneously updated.) These users will only install add-on modules and customized themes into their /etc/drupal/6/sites/all or /etc/drupal/6/sites/mysite_x folders.

Cron

The documentation for this task is here. My site is small, so my cron task is daily and simple (and can be run by hand using):

http://localhost/drupal6/cron.php

I can add the task to my cron list: 

sudo crontab -e

And add the line (with the nano editor, or the one you prefer):

45 18 * * * /usr/bin/wget -O - -q -t 1 http://localhost/drupal6/cron.php

this will run the script at 45 minutes after 1800 every day.
If you want it to run every hour on the hour, then use:

0 * * * * /usr/bin/wget -O - -q -t 1 http://localhost/drupal6/cron.php

Multi-site Installation

If you intend to run multiple websites, using a single Drupal6 installation, then follow these instructions carefully. I could only get this to work if each site had its own domain name, e.g mysite_1.mydomain.org and mysite_2.mydomain.org. (I could not get it to work for mysite.mydomain.org/subsite_1 and mysite.mydomain.org/subsite_2).

  • Install Drupal6 and the first website (mysite_1.mydomain.org). 
sudo apt-get install drupal6
Configure database for drupal6 with dbconfig-common? Yes
Database type to be used by Drupal6: mysql
Password of your database's administrative user: mysqlrootpassword
MySQL application password for drupal6: mysqldrupal6password
  • Copy the /etc/drupal/6/sites/default folder to the first subsite (in this example named mysite_1.mydomain.org). 
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/mysite_1.mydomain.org
  • Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.: 
sudo rm /etc/drupal/6/sites/mysite_1.mydomain.org/files
sudo mkdir /etc/drupal/6/sites/mysite_1.mydomain.org/files
sudo chown -R root:www-data /etc/drupal/6/sites/mysite_1.mydomain.org/files
sudo chmod 764 /etc/drupal/6/sites/mysite_1.mydomain.org/files
  • Copy a 135x135 image that you wish to use as a logo (in the upper left corner) into the /etc/drupal/6/sites/mysite_1.mydomain.org/files folder. Rename it WebLogo.png in that folder.
  • Create a virtual host file for the new sites: 
sudo nano /etc/apache2/sites-available/drupal6virtualhost

Add the lines: 

#
# Virtual hosting configuration for Drupal6
#
#
<VirtualHost *:80>
ServerAdmin webmaster@mysite_1.mydomain.org
#
DocumentRoot /usr/share/drupal6/
ServerName mysite_1.mydomain.org
ServerAlias *.mysite_1.mydomain.org mysite_1.mydomain.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
#
<VirtualHost *:80>
ServerAdmin webmaster@mysite_2.mydomain.org
#
DocumentRoot /usr/share/drupal6/
ServerName mysite_2.mydomain.org
ServerAlias *.mysite_2.mydomain.org mysite_2.mydomain.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
  • Remember that your virtual host configuration file won't be active until you make a symbolic link: 
sudo ln -s /etc/apache2/sites-available/drupal6virtualhost /etc/apache2/sites-enabled
  • Restart Apache: 
sudo /etc/init.d/apache2 restart
  • Install the first website through the (Konqueror/Firefox) browser:

http://mysite_1.mydomain.org/install.php

Site Name: My Website 1
Site e-mail address: webmaster@mysite_1.mydomain.org
Administrator Account Username: webmaster -> Password: mywebmasterpassword
Clean URLs: Enabled
  • Makes sure only administrators can create new accounts initially, or you will have lots of new guest within the first 30 minutes of being live.
Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
  • Now you will re-install a new database for each planned subsite.: 
sudo dpkg-reconfigure drupal6
  • Re-install database for drupal6? Yes
  • Database type to be used by drupal6: mysql
  • Connection method for MySQL database of drupal6: unix socket
  • Name of your database's administrative user: root
  • Password of your database's administrative user: mysqlrootpassword
  • username for drupal6: drupal6b
  • database name for drupal6: drupal6b
  • Copy the /etc/drupal/6/sites/default folder to the second subsite (in this example named mysite_2.mydomain.org). 
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/mysite_2.mydomain.org
  • Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.: 
sudo rm /etc/drupal/6/sites/mysite_2.mydomain.org/files
sudo mkdir /etc/drupal/6/sites/mysite_2.mydomain.org/files
sudo chown -R root:www-data /etc/drupal/6/sites/mysite_2.mydomain.org/files
sudo chmod 764 /etc/drupal/6/sites/mysite_2.mydomain.org/files
  • Sometimes the permissions of the settings.php and dbconfig.php must be unrestricted during installation: 
sudo chmod 777 /etc/drupal/6/sites/mysite_2.mydomain.org/settings.php
sudo chmod 777 /etc/drupal/6/sites/mysite_2.mydomain.org/dbconfig.php
  • Install the second website through the (Konqueror/Firefox) browser:
http://mysite_2.mydomain.org/install.php
Site Name: My Website 2
Site e-mail address: webmaster@mysite_2.mydomain.org
Administrator Account Username: webmaster -> Password: mywebmasterpassword
Clean URLs: Enabled
  • Makes sure only administrators can create new accounts initially, or you will have lots of new guest within the first 30 minutes of being live.
Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
  • This process can be repeated if desired (if enough URLs are available).
  • The two websites will be available:
http://mysite_1.mydomain.org
and
http://mysite_2.mydomain.org

Now you have two separate sites. When it is time to upgrade, you will only have to upgrade the core Drupal installation.

Copy modules and themes folders

  • Files, themes, and modules to be shared by all subsites should go in the "all" subsite. (This is an optional step, but if you don't, then the core installation modules and themes folders will be used for common files. If you modify any of the core installation modules or themes, they will be overwritten at the time of an upgrade). Copy the code folders: 
sudo cp -a /usr/share/drupal6/modules/ /etc/drupal/6/sites/all
sudo cp -a /usr/share/drupal6/themes /etc/drupal/6/sites/all
and (optionally) make a directory for shared files: 
sudo mkdir /etc/drupal/6/sites/all/files
sudo chmod 777 /etc/drupal/6/sites/all/files
  • (Optionally), copy the themes and modules from the core installation folder to your subsite folder, so you can customize them without changing the core installation: 
cp -a /usr/share/drupal6/modules/ /etc/drupal/6/sites/mysite_x.mydomain.org
cp -a /usr/share/drupal6/themes /etc/drupal/6/sites/mysite_x.mydomain.org

Note: If you do these steps before installing each subsite, Drupal will get confused and will display an error. Therefore, do this step only after completing the installation (install.php) script. During installation, Drupal only likes to find one modules folder (i.e. the one in /usr/share/drupal6). If you are adding subsites after having already used Drupal for a while, then temporarily rename the modules (and themes) folders in the /etc/drupal/6/sites/all folder to something else (such as modules.bak and themes.bak). Make sure there are no modules or themes folders in the subsite folder (i.e. in the /etc/drupal/6/sites/mysite_x.mydomain.org folder) until after installation has been completed. Then you can complete the steps above (or merely rename modules.bak and themes.bak to modules and themes again). You may need to run the update.php script for each subsite again, after doing this.

Note: Many users do not use customized themes and prefer to have the core modules and themes updated along with their core Drupal updates. For these users, it is best not to copy the core modules and themes into the /etc/drupal/6/sites/all folder. (Whenever the core installation is then updated, therefore, the modules and themes in the core installation directory (i.e. /usr/share/drupal6) will be simultaneously updated.) These users will only install add-on modules and customized themes into their /etc/drupal/6/sites/all or /etc/drupal/6/sites/mysite_x folders.

Update each site

There are a variety of error messages that may occur when using a multi-site installation (from initially using shared configuration files). Many can be cured just by updating each subsite individually. This will update configuration files and store them in your subsite folder(s). You must be logged in as the original user of the subsite to run the update script.

http://mysite_x.mydomain.org/update.php

Multisite cron

Refer to these instructions. I can add the task(s) to my cron list: 

sudo crontab -e

And add the lines (with the nano editor, or the one you prefer): 

45 18 * * * /usr/bin/wget -O - -q -t 1 http://mysite_1.mydomain.org/cron.php
45 19 * * * /usr/bin/wget -O - -q -t 1 http://mysite_2.mydomain.org/cron.php
45 20 * * * /usr/bin/wget -O - -q -t 1 http://mysite_3.mydomain.org/cron.php
this will run the scripts separately, at 45 minutes after the 1800 hour, the 1900 hour, and the 2000 hour every day (each site at a different hour).
If you want all the cron scripts to run every hour, then stagger them: 
0 * * * * /usr/bin/wget -O - -q -t 1 http://mysite_1.mydomain.org/cron.php
20 * * * * /usr/bin/wget -O - -q -t 1 http://mysite_2.mydomain.org/cron.php
40 * * * * /usr/bin/wget -O - -q -t 1 http://mysite_3.mydomain.org/cron.php
this runs one script on the hour (0), one script at 20 minutes past the hour, and one script at 40 minutes past the hour.

Build your site

You should be ready to go. Start building your site.

Drupal site building tips

Introduction

Drupal is one of the most widely used website servers in the world. It is even used by the US White House. It is free and open source and can be customised to many different uses by installing additional modules. This page is a cookbook of how I set up a Drupal site and may be helpful for getting an initial site customized. I am assuming you have one (or multiple) Drupal installations running using these instructions.

Initial user setup

  • It is not a good idea to give anonymous users access to the site or create accounts until you have the site completely set up and are ready to publish. There are people trolling the web looking for new setups, who will create an account and start installing modules faster than you can. Turn off anonymous user accounts:
Drupal -> Administer -> User management -> User settings -> Only site administrators can create new user accounts.
  • Create an administrator user role:
Drupal -> Administer -> User management -> Roles -> Add role -> administrator -> edit permissions -> check all
  • Create a new user who will be an administrator
Drupal -> Administer -> User management -> Users -> Add user -> Adminuser -> roles -> administrator
Use this user as your everyday administrator, saving the user you created at installation as the superuser

Create a Welcome page

  • Create a Welcome page:
Drupal -> Create content -> Page

You can choose where the display will end by adding the tag at the end: 

<!--break-->
Note: If you don't put this tag at the end, the display of the page (known as the "teaser") will be truncated to 300 characters by default. This behavior can be changed:
Drupal -> Administer -> Content management -> Post Settings -> Length of trimmed posts: Unlimited

Change your default logo

  • The ideal size for a logo is about 110 x 100 pixels. A transparent background for the logo is desirable. (You can use Gimp to create an alpha transparency layer for any photo. See these instructions.) You can use Gimp or Gwenview to resize the image.
  • The default logo is specific to the Theme you are using. If you are using the default Garland theme, for example, change the logo:
Drupal -> Administer -> Themes -> Garland -> configure -> Logo image settings -> Use the default logo: unticked ->
Upload logo image: your_own_customised_logo.png

Create a new menu in the left sidebar

When most users create new content (such as a Page or Story), they place it in the Primary Links or Secondary Links menus. At installation, Primary Links and Secondary Links appear at the top of the page, which looks nice. But what if you want a new menu, that appears (for example) only on the left sidebar?

  • Create a new menu:
Drupal -> Administer -> Site building -> Menus -> Add menu ->
Menu name: mynewmenu -> Title: My New Menu -> Description: This is a custom menu I created. ->
  • Place the new menu in the left sidebar:
Drupal -> Administer -> Site building -> Blocks -> Disabled ->
My New Menu -> Left sidebar -> Save blocks
  • Add items to the menu (these can be external links or links to internal pages):
Drupal -> Administer -> Site building -> Menus ->
My New Menu -> Add item
Note that you can also create new content and add it to this new menu at any time.

Increase PHP memory

  • Increase PHP memory (or you will get a "memory exhausted" error). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.): 
sudo kate /etc/drupal/6/sites/mysite_x/settings.php
Add this line at the end: 
ini_set('memory_limit', '96M');
I used to use 32M, but 96M helps with graphics.

Increase uploaded file size limits

The PHP scripting language is used for uploads. Absolute upload limits for the Apache webserver are set in a PHP configuration file and must be changed there.

  • Your uploads are probably larger than the default upload limits of PHP (set at 2 Mb, or "2M", by default), so we will need to increase those. In the example below, I will change the upload limit to 100 Mb ("100M"). Two parameters must be changed in the php.ini configuration file in /etc/php5/apache2 (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
cd /etc/php5/apache2
sudo kate php.ini
  • Change: 
post_max_size = 8M
to 
post_max_size = 100M
  • Change: 
upload_max_filesize = 2M
to 
upload_max_filesize = 100M
  • Save the file and restart apache2: 
sudo /etc/init.d/apache2 restart

Install content creation kit (CCK) and other important modules

  • If you have a multi-site installation, create modules and themes folders within the /etc/drupal/6/sites/mysite_x folder, which will be specific to that site. If you wish to use modules and themes for all your subsites, then create modules and themes folders in the /etc/drupal/6/sites/all folder.

If you install your custom modules and themes in the root installation directory (/usr/share/drupal6), then they will be overwritten every time you do an upgrade, (which may or may not be desirable to you).

  • Although the recommended procedure is to install each module one-by-one (updating and setting the functions for each installed module individually), you may be able to install them all, update once, then set the functions for all the module simultaneously. This will only work if you have increased the PHP memory (as detailed in the previous step).
  • Install the CCK module: 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/cck-6.x-2.6.tar.gz
sudo tar zxvf cck-6.x-2.6.tar.gz
sudo rm cck-6.x-2.6.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> CCK -> select CCK module functions to enable
  • Install the Views module: 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/views-6.x-2.10.tar.gz
sudo tar zxvf views-6.x-2.10.tar.gz
sudo rm views-6.x-2.10.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Views -> select Views module functions to enable

When you wish to configure the Views properties of a content node, go to:

Drupal -> Administer -> Site Building -> Views -> Enable and Edit the node Views you wish to use
  • Install the Date module: 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/date-6.x-2.4.tar.gz
sudo tar zxvf date-6.x-2.4.tar.gz
sudo rm date-6.x-2.4.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Date/Time -> select Date/Time module functions to enable 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/jquery_ui-6.x-1.3.tar.gz
sudo tar zxvf jquery_ui-6.x-1.3.tar.gz
sudo rm jquery_ui-6.x-1.3.tar.gz

cd /etc/drupal/6/sites/all/modules/jquery_ui
sudo wget http://jquery-ui.googlecode.com/files/jquery.ui-1.6.zip
sudo unzip jquery.ui-1.6.zip
sudo rm jquery.ui-1.6.zip
sudo cp -r jquery.ui-1.6 jquery.ui
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> User interface -> select jQuery UI module functions to enable
  • Install the Event module: 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/event-6.x-2.x-dev.tar.gz
sudo tar zxvf event-6.x-2.x-dev.tar.gz
sudo rm event-6.x-2.x-dev.tar.gz
  • Install a few miscellaneous Event:Datepicker modules (see this thread): 
cd /etc/drupal/6/sites/all/modules/event/contrib/datepicker
sudo wget http://www.kelvinluck.com/assets/jquery/datePicker/v2/demo/styles/datePicker.css
sudo wget http://www.kelvinluck.com/assets/jquery/datePicker/v2/demo/scripts/jquery.datePicker.js
sudo wget http://www.kelvinluck.com/assets/jquery/datePicker/v2/demo/scripts/date.js
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Event -> select Date Picker module functions to enable 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/signup-6.x-1.0-rc6.tar.gz
sudo tar zxvf signup-6.x-1.0-rc6.tar.gz
sudo rm signup-6.x-1.0-rc6.tar.gz

cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/calendar-6.x-2.2.tar.gz
sudo tar zxvf calendar-6.x-2.2.tar.gz
sudo rm calendar-6.x-2.2.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Date/Time -> select Calendar module functions to enable 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/advanced_help-6.x-1.2.tar.gz
sudo tar zxvf advanced_help-6.x-1.2.tar.gz
sudo rm advanced_help-6.x-1.2.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Other -> select Advanced Help module functions to enable
  • Install the FeedAPI module (allows iCal feeds into Drupal): 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/feedapi-6.x-1.8.tar.gz
sudo tar zxvf feedapi-6.x-1.8.tar.gz
sudo rm feedapi-6.x-1.8.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Feed API Add-on -> select iCal parser module to enable
  • Install the iCal parser module (parses iCal feeds into Drupal): 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/parser_ical-6.x-1.1.tar.gz
sudo tar zxvf parser_ical-6.x-1.1.tar.gz
sudo rm parser_ical-6.x-1.1.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Feed API Default -> select Feed API module functions to enable
  • Install SimplePie, a module that facilitates RSS feeds through the FeedAPI module: 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/simplepie-6.x-1.0-beta1.tar.gz
sudo tar zxvf simplepie-6.x-1.0-beta1.tar.gz
sudo rm simplepie-6.x-1.0-beta1.tar.gz

cd /etc/drupal/6/sites/all/modules/simplepie/lib
sudo wget http://simplepie.org/downloads/simplepie_1.2.zip
sudo unzip simplepie_1.2.zip
sudo rm simplepie_1.2.zip
sudo cp simplepie_1.2/simplepie.inc .
sudo cp simplepie_1.2/simplepie.inc /etc/drupal/6/sites/all/modules/feedapi/parser_simplepie
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Other (and FeedAPI Default) -> SimplePie module functions to enable
  • (Optional:) Install the dCaldav module (for importing CALDAV server info into Drupal): 
cd /etc/drupal/6/sites/all/modules
sudo wget http://www.dcaldav.com/system/files/dcaldav-0.2.1.tar.gz
sudo tar zxvf dcaldav-0.2.1.tar.gz
sudo rm dcaldav-0.2.1.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Other -> select dCaldav module functions to enable

Install Access Control modules

  • Install the ACL module (an API that allows per-user access controls in Drupal): 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/acl-6.x-1.0.tar.gz
sudo tar zxvf acl-6.x-1.0.tar.gz
sudo rm acl-6.x-1.0.tar.gz
  • Install the Content Access module (gives fine-grained access control over individual content pages): 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/content_access-6.x-1.2.tar.gz
sudo tar zxvf content_access-6.x-1.2.tar.gz
sudo rm content_access-6.x-1.2.tar.gz
  • Install the Forum Access module (gives fine-grained access control over individual forum pages): 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/forum_access-6.x-1.0.tar.gz
sudo tar zxvf forum_access-6.x-1.0.tar.gz
sudo rm forum_access-6.x-1.0.tar.gz
Note: If you wish these modules to be available to only one subsite, then install them instead into the /etc/drupal/6/sites/mysite_x/modules folder.

Note: You must update and adjust permissions after module installation.

  • Drupal -> Administer -> Modules -> Forum Access -> select ACL, Content Access, and Forum Access module functions to enable -> Rebuild Permissions (follow the prompts)
  • You must enable Access Control for each Content Type:
Drupal -> Administer -> Content Management -> Content types -> Page -> Edit -> Access Control -> Enable per content node access control settings: ticked

Enable permissions for added modules

  • Any time a new module is installed or the configuration of the module is changed, the database must be updated. This is especially important if you are running multiple sites, since configuration files must be created for each subsite. Updates can only be done by an administrator with suitable privileges for that site (usually the original user for the site or subsite): 
http://mysite_x.mydomain.org/update.php
  • By default, permissions are turned off for any new modules that you have installed. After installing a new module, go to the permissions page and select permissions for each user role that will be able to access the functions of the new module(s):
Drupal -> Administer -> User management -> Permissions

and tick or un-tick the features that should be available to each class of user.

Create a Calendar content page

Using Date Tools to Create a Calendar

  • Create a custom Date and Time format which will display only the time (to be used later for the display fields):
Drupal -> Administer -> Site configuration -> Date and Time -> Locale:Default Time Zone:Choose your timezone -> Save configuration
Drupal -> Administer -> Site Configuration -> Date and Time -> Formats -> Add Format ->
->Format string: H:i
(This adds a format type to the drop-down selection which only displays hours and minutes.)
Drupal -> Administer -> Site Configuration -> Date and Time -> Formats -> Add format type ->
->Name: Time only -> Type: timeonly -> Save configuration
Drupal -> Administer -> Site Configuration -> Date and Time -> Formats -> Configure ->
->Time only Date format: (the dropdown box should now show your recently created time format, so select it) -> Save configuration

Note: You must update after creating this content type.

  • The Date Tools Wizard simplifies setting up a Date content type to be used with a Calendar display.
Drupal -> Administer -> Content Management -> Date Tools -> Date Wizard -> Save
Drupal -> Administer -> Site Building -> Views -> calendar_date -> Fields: Content: Date - From date -> Edit -> Format: Time only -> Update
Drupal -> Administer -> Content Management -> Content Type -> Date -> Manage Fields -> Label:Date: Configure -> Default value for To date: Same as From date -> Input format: Your preference -> Global Settings: Required (ticked) -> To Date: Optional -> Default Display: Long -> Save
Drupal -> Administer -> Site Building -> Views -> calendar -> Enable
  • Create some (event) content:
Drupal -> Create content -> Date -> create an event
  • View your calendar to see if it came out correctly:
Drupal -> Administer -> Site building -> Views -> calendar_date -> Edit -> View "Calendar page"
  • Add the calendar to the menu:
Drupal -> Administer -> Site building -> Menus -> Primary Links -> Add item -> Path: calendar-date -> Menu link title: Calendar -> Save
The permissions must be set to see the content. For each user role you wish to access the calendar, you must enable the "access all views" permission:
Drupal -> Administer -> User management -> Permissions -> views module -> access all views
Also, the times will only show up if you specifically enable the field_date views permission:
Drupal -> Administer -> User management -> Permissions -> content_permissions module -> view field_date

Add Forums

  • Enable forums:
Drupal -> Administer -> Modules -> Core -> select Forum module functions to enable

Note: You must update and adjust permissions after module installation.

  • Enable first forum "container", which will contain several related forums:
Drupal -> Administer -> Content Management -> Forum -> Add container -> General Forums
-> Add forum -> Forum Name:Forum_1 -> Parent:General Forums -> Weight:1
-> Add forum -> Forum Name:Forum_2 -> Parent:General Forums -> Weight:2
-> Add forum -> Forum Name:Forum_3 -> Parent:General Forums -> Weight:3
  • Enable Forums on the Navigation menu:
Drupal -> Administer -> Site Building -> Menus -> Navigation -> Forum: tick box -> Weight:1
  • If you wish users to be able to reply to forum posts, permissions for comments must be enabled.

Add Images

Install required modules

  • Make sure "Clean URL's" are enabled:
Drupal -> Site configuration -> Clean URLs -> Run the clean url test -> Clean URLs: Enabled
  • The primary module for images is ImageField, which replaces the older module Image. ImageField works with CCK. 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/imagefield-6.x-3.3.tar.gz
sudo tar zxvf imagefield-6.x-3.3.tar.gz
sudo rm imagefield-6.x-3.3.tar.gz
sudo wget http://ftp.drupal.org/files/projects/filefield-6.x-3.3.tar.gz
sudo tar zxvf filefield-6.x-3.3.tar.gz
sudo rm filefield-6.x-3.3.tar.gz
sudo wget http://ftp.drupal.org/files/projects/imageapi-6.x-1.8.tar.gz
sudo tar zxvf imageapi-6.x-1.8.tar.gz
sudo rm imageapi-6.x-1.8.tar.gz
sudo wget http://ftp.drupal.org/files/projects/imagecache-6.x-2.0-beta10.tar.gz
sudo tar zxvf imagecache-6.x-2.0-beta10.tar.gz
sudo rm imagecache-6.x-2.0-beta10.tar.gz
Note: If you wish these modules to be available to only one subsite, then install them instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> CCK -> select FileField and ImageField module functions to enable
Drupal -> Administer -> Modules -> ImageCache -> select ImageCache and ImageAPI module functions to enable
  • Install the GetID3 module (required by FileField) and its updated library. Then remove the security-risk demos folder: 
cd /etc/drupal/6/sites/all/modules 
sudo wget http://ftp.drupal.org/files/projects/getid3-6.x-1.3.tar.gz
sudo tar zxvf getid3-6.x-1.3.tar.gz
sudo rm getid3-6.x-1.3.tar.gz
cd getid3 
sudo wget -O getid3-6.x-1.7.9.zip http://sourceforge.net/projects/getid3/files/getID3%28%29%201.x/1.7.9/getid3-1.7.9.zip/download
sudo unzip getid3-6.x-1.7.9.zip
sudo rm getid3-6.x-1.7.9.zip
cd demos
sudo rm *
cd ..
sudo rmdir demos
Note: If you wish these modules to be available to only one subsite, then install them instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Site Configuration -> GetID3 -> Path: sites/all/modules/getid3/getid3-1.7.9/getid3 -> Save configuration
Drupal -> Administer -> Modules -> Other -> select GetID3 module function to enable 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/token-6.x-1.12.tar.gz
sudo tar zxvf token-6.x-1.12.tar.gz
sudo rm token-6.x-1.12.tar.gz
sudo wget http://ftp.drupal.org/files/projects/views_gallery-6.x-1.2.tar.gz
sudo tar zxvf views_gallery-6.x-1.2.tar.gz
sudo rm views_gallery-6.x-1.2.tar.gz
sudo wget http://ftp.drupal.org/files/projects/nodereference_url-6.x-1.6.tar.gz
sudo tar zxvf nodereference_url-6.x-1.6.tar.gz
sudo rm nodereference_url-6.x-1.6.tar.gz
sudo wget http://ftp.drupal.org/files/projects/views_attach-6.x-2.2.tar.gz
sudo tar zxvf views_attach-6.x-2.2.tar.gz
sudo rm views_attach-6.x-2.2.tar.gz
Note: If you wish these modules to be available to only one subsite, then install them instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Site Configuration -> GetID3 -> Path: sites/all/modules/getid3/getid3-1.7.9/getid3 -> Save configuration 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/thickbox-6.x-1.6.tar.gz
sudo tar zxvf thickbox-6.x-1.6.tar.gz
sudo rm thickbox-6.x-1.6.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Other -> select Thickbox module functions to enable

Configure settings

  • Configure ImageCache:
Drupal -> Administer -> Site building -> ImageCache -> Add new Preset ->
-> thumbnail -> Save preset -> Actions -> Add scale and crop -> Width: 150 Height: 150 -> Create Action
Drupal -> Administer -> Site building -> ImageCache -> Add new Preset ->
-> fullsize -> Save preset -> Actions -> Add scale -> Width: 500 Height: (blank) -> Allow upscaling: ticked -> Create Action

Note: You must update and adjust permissions after module installation.

  • Create a Photo content type:
Drupal -> Administer -> Content management -> Content type -> Add content type -> Name : Photo -> Type: photo -> Description: A post that includes a nicely formatted image -> Save content type -> Photo -> Manage fields -> Add field -> Name: photofield -> field_photofield -> Select a field type: File -> Select a widget: Image -> Save -> photofield customization fields: (fill in desired settings) -> Save field settings -> Save
-> Display fields -> Label: (hidden) -> Teaser: thumbnail image linked to node -> Fullnode: fullsize image -> Save

Note: You must update and adjust permissions after module installation.

  • Create an image (Photo content):
Drupal -> Create content -> Photo -> Name: Photoexample_1 -> photofield: photo_filename_1.png -> Upload -> Save

Embed a video

  • You can easily embed a flash video from YouTube on any page. When creating a web page, make sure "Full HTML" is enabled as an input format:
Drupal -> Create content -> Page (or any content type) -> Input format -> Full HTML

For any YouTube video, the code which allows a video to be embedded on your website is found on the YouTube page in the upper right corner in the "Embed" box. Copy this code snippet.

In the "Body:" section of your Drupal Page (or other content), paste the code snippet and save. The video is now embedded on that page.

Add WYSIWYG editor

Apparently the choices here are FCKEditor, BUEditor, and TinyMCE editor. All require IMCE for image handling. 

cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/imce-6.x-1.3.tar.gz
sudo tar zxvf imce-6.x-1.3.tar.gz
sudo rm imce-6.x-1.3.tar.gz
  • Install one of the editors, such as BUEditor: 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/bueditor-6.x-2.1.tar.gz
sudo tar zxvf bueditor-6.x-2.1.tar.gz
sudo rm bueditor-6.x-2.1.tar.gz
Note: If you wish these modules to be available to only one subsite, then install them instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Drupal -> Administer -> Modules -> Other -> select IMCE and BUEditor module functions to enable

Note: You must update and adjust permissions after module installation.

Update modules

Periodically, added modules are updated for security and functionality reasons. As always, backups are routinely advised before updating. In Drupal, most module updates are accomplished by overwriting old code with new code, not by patches. Therefore, if you have a highly customised installation, perform updates with care.

In this example, I will update Ubercart. Updating a module is essentially the re-installation of the new update, overwriting the old update. 

cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/ubercart-6.x-2.2.tar.gz
sudo tar zxvf ubercart-6.x-2.2.tar.gz
sudo rm ubercart-6.x-2.2.tar.gz
Note: If a module is available to only one subsite, install the update instead into the /etc/drupal/6/sites/mysite_x/modules folder.

Note: You must update after module re-installation.

Perform backups

Yeah, you need to do it. See the Drupal 6 backup instructions. Also see this module for customised backups.

Backup and migrate module

  • Install the Backup and migrate module. This module only supports MySQL, so if you are using postgreSQL, do not use it. Also, this module does not work if you intend to perform an upgrade. Do not use it for backup and restore during an upgrade (it can only be used to backup and restore to exactly the same version of Drupal6). 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/backup_migrate-6.x-2.2.tar.gz
sudo tar zxvf backup_migrate-6.x-2.2.tar.gz
sudo rm backup_migrate-6.x-2.2.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Drupal -> Administer -> Site building -> Modules -> Other -> select Backup and migrate module functions to enable

Note: You must update and adjust permissions after module installation.

The module saves manual backups by default to /etc/drupal/6/sites/mysite_x/files/backup_migrate/manual and cron-scheduled backups to /etc/drupal/6/sites/mysite_x/files/backup_migrate/scheduled, but you can (and should) change this:

Drupal -> Administer -> Backup and migrate -> Destinations
  • Perform a Quick backup into the "manual" backup directory:
Drupal -> Administer -> Backup and migrate -> Backup -> Quick Backup -> Backup from Default Database to Manual Backups Directory using Default Settings -> Backup Now

Backup and restore the MySQL database

  • This is an alternative to the Backup and migrate module that is necessary if you wish to backup during a migration of your website. The best way is to backup the original database with a MySQL dump: 
mysqldump -u user -p databasename > drupaldatabasebackupfile.sql
or, if on a remote host: 
mysqldump -h hostname -u username -p databasename > drupaldatabasebackupfile.sql
Note that the username and password should be the username and password that were used to create the specific database (not the MySQL root username/password).
  • The database should be restored to an empty database in the new site, because if you re-install a new database in the new site and then attempt to restore your old backed-up database on top of it, there is likely to be incompatibilities between the two. Here the username and password are those for the new empty database just created. (It probably is best to make them the same as those of the imported database.) 
mysql -u username -p databasename < drupaldatabasebackupfile.sql
Notes: This was successful for me only if backing up and restoring to exactly the same version of Drupal6. I could not back up the database from one version of Drupal6 then restore to an upgraded version of Drupal6, because the scripts of the upgraded version of Drupal6 did not access the database in the same manner. I therefore performed upgrades only after moving the database.

Empty a database

I hesitate to put these instructions here. Be careful. This erases your database. Use it only if you are confident that you have made good backups. I use this only if I have created a database by accident (during the Drupal6 installation process) and wish to erase/empty it. 

mysql -u root -p
mysql> DROP DATABASE mysqlexampledatabase;
mysql> quit

If your MySQL superuser name is something other than root, then use that, of course. Don't forget the semicolon ( ; ) at the end of each MySQL command.

Of course, once you erase the database, you must re-create a blank one for use with Drupal6. 

sudo dpkg-reconfigure drupal6

Then you can restore the backup (as created above with mysqldump) into the newly recreated (but still empty) database. 

mysql -u username -p databasename < drupaldatabasebackupfile.sql

Moving a Drupal6 installation to a new site

  • Install drupal6 on the new site (sudo apt-get install drupal6). When creating the database, use the same values as used on the old site. If you can't remember what they were, look at the /etc/drupal/6/sites/default/dbconfig.php (or similar) file for the old site (which contains the values for the old site).
  • On the new site, rename the newly created folders
  • /etc/drupal/6
  • /usr/share/drupal6
  • /var/lib/drupal6
to
  • /etc/drupal/6.bak
  • /usr/share/drupal6.bak
  • /var/lib/drupal6.bak
  • Copy the /etc/drupal/6, /usr/share/drupal6, and /var/lib/drupal6 folders from the old site to the new site. (This needs to be done as the root user, which can be done with sudo dolphin).
  • Copy the database dumpfile from the old site to the new site.
  • Check the settings.php, dbconfig.php, files and other folder permissions to make sure they match the permissions of the original system. (Sometimes during the copy process the ownership of all files and folders will be set to root.) In particular, make sure that dbconfig.php belongs to the www-data group.

Notes: I have never been successful in performing an upgrade in the middle of this process. I recommend moving the site exactly, and then performing any upgrades after it is moved.

Use an SMTP server for email functions

I don't have a mail server on my system. Instead, I use an offsite mail handler that accepts the SMTP/POP3 protocols. Drupal can be configured to route its mail through SMTP/POP3 as well. If you are using SMTP, make sure outbound port 25 is open. If using secure SMTP (i.e. through SSL), then make sure outbound port 465 is open.

Install PHPMailer

  • Install the PHPMailer libraries on Ubuntu: 
sudo apt-get install libphp-phpmailer

cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/phpmailer-6.x-2.1.tar.gz
sudo tar zxvf phpmailer-6.x-2.1.tar.gz
sudo rm phpmailer-6.x-2.1.tar.gz
  • Copy the necessary files from the libphp-phpmailer Ubuntu package into the module directory: 
sudo mkdir /etc/drupal/6/sites/all/modules/phpmailer/libraries
sudo cp /usr/share/php/libphp-phpmailer/class* /etc/drupal/6/sites/all/libraries/phpmailer
Note: If you wish these modules to be available to only one subsite, then install them instead into the /etc/drupal/6/sites/mysite_x/modules folder.
  • Note: You must update after module installation.
Drupal -> Administer -> Modules -> Mail -> select PHPMailer module functions to enable
  • Enter your SMTP settings:
Drupal -> Administer -> Site configuration -> PHPMailer

Add an online store to your website

Drupal has a completely free and powerful online store called Ubercart. Other solutions include Zen Cart and osCommerce.

Set up PayPal Website Payments Standard

  • Establish a bank account at your financial institution to be used exclusively with PayPal. Do not use your regular bank accounts, as PayPal will have access to both deposits and withdrawals from this account. (You can use a savings account, as all transactions between PayPal and the account will be electronic.)
  • There are basically two types of payment schemes for PayPal:
  • Website Payments Standard -- no monthly fee. 2.9% + $0.30 per (attempted) transaction. The customer goes to the PayPal site for payment then returns to the website.
  • Website Payments Pro -- $30 monthly fee. 2.9% + $0.30 per (attempted) transaction (less if significant volume). All transactions are performed through a gateway, without leaving the website.
  • In addition, there is Express Checkout for PayPal registered customers. The customer goes to the PayPal site then returns.
  • Until your needs are greater, Website Payments Standard is the least expensive solution to use. Create a PayPal Premier account. (The Premier account allows you to both buy and sell items.) Verify your email address and bank account. To verify your bank account, use the "Confirm deposits" method. (The instant verification method involves giving your secure online banking information (regarding your bank account) to PayPal, which is strongly advised against.) Verification of your bank account is a 4 day process, in general.

Create a PayPal Donate button

  • While logged in to the PayPal site, create your button(s) for donations (or payment or checkout) through the PayPal website.
PayPal -> Merchant Services -> Create Buttons -> Donate
  • Customise your button(s) as desired. When you "Create button" or "Save changes," the code for the button will be displayed. Copy the PayPal button code.
  • On your Drupal website, create a new block in which to display the newly created button. In this example I will place this new block in the right sidebar.
Drupal -> Administer -> Site building -> Blocks -> Add block ->
  • Block description: PayPal block
  • Block title: Donations
  • Block body: Paste the code from your PayPal button here
  • Input format: Full HTML
  • Customize other settings as desired -> Save block
  • Place the newly created block into the right sidebar:
Drupal -> Administer -> Site building -> Blocks -> PayPal block -> Disabled -> Dropdown: Right sidebar -> Save blocks

Install Ubercart on Drupal 

cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/token-6.x-1.12.tar.gz
sudo tar zxvf token-6.x-1.12.tar.gz
sudo rm token-6.x-1.12.tar.gz

cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/ubercart-6.x-2.0.tar.gz
sudo tar zxvf ubercart-6.x-2.0.tar.gz
sudo rm ubercart-6.x-2.0.tar.gz
Note: If you wish these modules to be available to only one subsite, then install them instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Ubercart -> select the Ubercart module functions you intend to use
  • PayPal requires cURL. Install the curl-php library in Ubuntu/Kubuntu (see this link for more info): 
sudo apt-get install php5-curl
sudo /etc/init.d/apache2 restart
Drupal -> Administer -> Store administration

Setup PayPal with Ubercart

  • Undergoing revisions.
  • Check that a payment has been processed:
Drupal -> Administer -> Store Administration -> Orders -> View by status: Payment received

Trigger functions based on payment

The benefit of using Ubercart in Drupal is that access to website functions can be triggered based on a payment regimen. For example, access to webcam modules (such as videochat or webcams) can be enabled (using the ContentAccess module) after payment is processed by Ubercart through Paypal. This allows consumer-based telemedicine, a very desirable service for physicians.

Ubercart allows actions to be triggered, predicated on conditions being met (such as a PayPal payment notification being received). This can include the startup of other modules.

Drupal -> Administer -> Store administration -> Conditional actions

Add realtime videochat to your website

(This section under construction).

The following modules add videochat to Drupal:

Add BigBlueButton API

  • BigBlueButton is a standalone videoconferencing server. Install the BigBlueButton API that is able to call the BBB server from within Drupal: 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/bbb-6.x-1.x-dev.tar.gz
sudo tar zxvf bbb-6.x-1.x-dev.tar.gz
sudo rm bbb-6.x-1.x-dev.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Big Blue Button -> select the Big Blue Button module functions you intend to use
  • Test the BigBlueButton settings:
Drupal -> Site administration -> BigBlueButton Conferencing -> Test connection.
  • Change the URL to the address of your BBB server (e.g. http://mybbbsite.dyndns.org:81/bigbluebutton/) and the Security Salt (found in bigbluebutton.properties on the BBB server in the 
/var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
configuration file, in the setting: 
beans.dynamicConferenceService.securitySalt=your_security_salt_number_here
  • Create a new content type named Teleconference:
Drupal -> Administer -> Content management -> Content types -> Add content type

-> Name: Teleconference -> Type: teleconference -> Big Blue Button settings -> Treat this node type as conference: (ticked) -> Show links to join / start a meeting beneath the node: (ticked) -> Display meeting status on node: (ticked) -> Save content type

  • Create a new node of content type Teleconference:

Drupal -> Create content -> Teleconference -> Conference settings -> ...

Add Kaltura video services

  • See these instructions for adding the API for the community edition of Kaltura, a video editor and manager for your website.

Upload and download files

Whether a file is available for private or public download depends, of course, whether the page to which it is attached is available privately or publicly. In addition, there are methods for maintaining private download folders (for FTP or other access).

Public files / attachments

In general, files are "attached" to a page. See Uploading files with Drupal for information about changing permissions.

  • Attach a file to an existing page (examplepage):
Drupal -> Administer -> Content Management -> Content -> examplepage -> edit
-> File attachments -> Attach new file: your file to upload -> Attach -> Save

Increase uploaded file size limits

Add a quotation module

Add the Fortune module to Drupal

Fortune is a *nix utility to display quotations from preselected files. Drupal has a plugin to display these quotations from within a webpage. Although a nice module, a disadvantage is that it uses monospace font and currently does not have options to adjust the font type and size. See here for installation details.

Add the Quotes modules to Drupal 

cd /etc/drupal/6/all/sites/modules
sudo wget http://ftp.drupal.org/files/projects/quotes-6.x-1.40.tar.gz
sudo tar zxvf quotes-6.x-1.40.tar.gz
sudo rm quotes-6.x-1.40.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Site building -> Modules -> Other -> Quotes (ticked) -> Save configuration
  • Create a Quotes content and import your quotations. You can create a quotation one by one, or a large number of Quotations all at once (from a file, for example). Each quotation is created as an individual content item. The "display in Quote blocks" option determines whether a Quotes block (created in the next step to display a rotation of the quotations) will include the particular quotation(s) created in this step.
Drupal -> Create content -> Quotes
->Name: Quote%id -> Display in quote blocks: (ticked)

I use quotations from the Fortune program, which are in a particular text file format that looks like: 

I reject your reality and substitute my own...
%
This is one of those "What the hell am I doing?" moments, over!
%
We got a robot in the water, he's stuffed with tuna and it's just another day here at Mythbusters.

I copy the contents of the text file into the input box.

-> Format: Import Fortune file -> Comment settings: Disabled -> Save

This will create as many content items as are in the Fortune file. If there are hundreds of quotes, you will have hundreds of Quote content items.

  • Configure the Quotes settings so that Quotes can appear as a block:
Drupal -> Administer -> Site configuration -> Quotes
-> Configure blocks -> Name: Quotes -> Add block -> Configure block
-> Update options -> Update every 6 seconds
-> Show block on specific pages -> Show on only the listed pages: choose the pages to display on
-> Save block
  • Add the Quotes Block on your site:
Drupal -> Administer -> Site building -> Blocks -> Quotes:Quotes -> Location


Moodle tips

Prepare your server

  • Moodle is meant to be run on a server. It requires Apache2, the PHP scripting language, and a database (either MySQL or postgreSQL). While many users feel postgreSQL is a better database, MySQL is more widely used and is easier for first time users (since there are many integrated packages that use it). A LAMP server (Linux, Apache2, MySQL, PHP) can easily be installed: 
sudo apt-get install tasksel
sudo tasksel install lamp-server

When installing the LAMP server, note the MySQL root password carefully. This will be required during Moodle installation.

  • Moodle must know where the server is located. (You must also have a way for other users to reach it.) The FQDN (Fully Qualified Domain Name) refers to the location of the server on which the Moodle database is located. In general, there are two options: localhost (meaning the database will be located on the same computer on which Moodle will be installed) or a URL. (Of course, the URL could still refer to the same computer).

Don't worry, whichever option you choose can be changed later. For initial installation, it is easiest to use localhost as the FQDN (and also wherever it is available as an installation option).

Installation

Moodle is a free open source platform for hosting online learning courses. It can be integrated with webinar software. A LAMP server installation is required (sudo tasksel install lamp-server). Also find free Moodle themes here. Install: 

sudo apt-get install moodle
  • Database server software for Moodle: mysql-server -> follow remainder of instructions. Assuming the database is hosted on the same computer as the one Moodle is being installed upon, accept localhost for the options when prompted.
  • Edit Moodle configuration options (if needed). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.): 
sudo kate /etc/moodle/config.php
  • Edit Moodle apache2 configuration file (if needed). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.): 
sudo kate /etc/moodle/apache.conf
  • Finish installation through the browser. (I recommend the "unattended" installation.)
http://localhost/moodle/admin

Set up a virtual server

The whole point of Moodle is that users can access it over a network. The easiest way is to set up a URL for your server so that users can reach Moodle using the URL. Several steps are necessary.

  • If you have a router on your network, forward incoming traffic on ports 80 and 443 (http and https) from the router to the (static) LAN IP address of the server hosting Moodle.
  • The firewall on the Moodle server should allow all incoming traffic on ports 80 and 443.
  • A URL for your Moodle site should have been established with a DNS name server on the Internet. It is possible to use a Dynamic DNS server, as well. An example URL is mymoodleserver.dyndns.org.
  • A virtual host file in /etc/apache2/sites-available must be created for Moodle. 
cd /etc/apache2/sites-available
sudo cp default moodlevirtualhost
It should be edited (sudo gedit /etc/apache2/sites-available/moodlevirtualhost) to look like 
<VirtualHost *:80>
ServerAdmin webmaster@mymoodleserver.dyndns.org
#
DocumentRoot /usr/share/moodle/
ServerName mymoodleserver.dyndns.org
ServerAlias www.mymoodleserver.dyndns.org mymoodleserver.dyndns.org
#RewriteEngine On
#RewriteOptions inherit
</VirtualHost>

Notes: The Rewrite options are listed here only for forward compatibility with Apache rewrite rules. They are only used for multi-site installations and can, in general, remain commented out (with the #).

  • The virtual host file should be linked to /etc/apache2/sites-enabled and apache2 restarted (sudo etc/init.d/apache2 restart). 
sudo ln -s /etc/apache2/sites-available/moodlevirtualhost /etc/apache2/sites-enabled
  • Edit the /etc/moodle/config.php file (sudo gedit /etc/moodle/config.php) so that the FQDN (in this case the URL) is correctly noted. 
$CFG->wwwroot = 'http://mymoodleserver.dyndns.org/moodle';
  • Login to the Moodle server:
http://mymoodleserver.dyndns.org

Using Moodle with an existing URL

It is possible to use Moodle with an existing URL. If, for example, you already have a server at myserver.dyndns.org, it is possible to use Moodle at the URL myserver.dyndns.org/moodle.

In such a situation, no additional virtual host file needs to be created for Moodle; the virtual host file for the existing myserver.dyndns.org server is sufficient.

This is possible because the /etc/moodle/apache.conf file contains the line 

Alias /moodle /usr/share/moodle/

and traffic to the host server will therefore be forwarded accordingly.

  • Edit the /etc/moodle/config.php file (sudo kate /etc/moodle/config.php) so that the FQDN (in this case the URL) is correctly noted. 
$CFG->wwwroot = 'http://myserver.dyndns.org/moodle';
  • Login to the Moodle server:
http://myserver.dyndns.org/moodle

Add a custom theme to Moodle

  • Download one. Extract the zip file (by clicking on the filename in Nautilus, for example).
  • Copy the extracted folder to /usr/share/moodle/theme
  • From Moodle, install the new theme:
Moodle -> Appearance -> Themes -> Theme Selector
  • Copy a custom footer logo (ideal size 55px x 55px) to /etc/moodle and name it moodlelogo55.png. Link this file to the Moodle pix folder: 
sudo ln -s /etc/moodle/moodlelogo55.png /usr/share/moodle/pix
  • The front page footer logo can then be changed by editing: 
sudo nano /usr/share/moodle/lib/weblib.php

and editing the $homelink values from 

$homelink  = '<div class="sitelink">'.
               '<a title="Moodle '. $CFG->release .'" href="http://moodle.org/">'.
               '<img style="width:100px;height:30px" src="pix/moodlelogo.gif" alt="moodlelogo" /></a></div>';
to 
 $homelink  = '<div class="sitelink">'.
               '<a title="My Home Page" href="http://myhomepage.org/">'.
               '<img style="width:55px;height:55px" src="pix/moodlelogo55.png" alt="mylogoname" /></a></div>';

where My Home Page, http://myhomepage.org, moodlelogo55.png, and mylogoname are examples, of course.

Upgrading Moodle

  • Copy the Moodle software directory as a backup: 
sudo cp -r /usr/share/moodle /usr/share/moodle_bak
  • Copy the Moodle data directory as a backup: 
sudo cp -r /var/lib/moodle /var/lib/moodle_bak
  • Copy the local Moodle configuration directory as a backup: 
sudo cp -r /etc/moodle /etc/moodle_bak
  • Dump your MySQL database content: 
mysqldump -u username -p -C -Q -e --create-options moodle > moodle-backup-2010-04-01.sql

where username is the database MySQL user account name used to create the Moodle database during Moodle installation. The corresponding Moodle database password will be requested. (If you have forgotten these, they are recorded in the /etc/moodle/config.php file as $CFG->$dbuser and $CFG->$dbpass).

  • Download and unzip the current Moodle package: 
sudo wget http://download.moodle.org/download.php/direct/stable19/moodle-weekly-19.zip
sudo unzip moodle-weekly-19.zip
sudo rm moodle-weekly-19.zip
  • Copy the new, extracted /moodle folder contents into the original /usr/share/moodle folder, overwriting the files there. 
yes | sudo cp -r moodle/* /usr/share/moodle

Note: This method ensures that any files you have previously added, but for which no updates are available, remain in the /usr/share/moodle folder.

  • Make sure there is a symbolic link from your original config.php file in /etc/moodle to /usr/share/moodle. If not, create one: 
sudo ln -s /etc/moodle/config.php /usr/share/moodle
  • There is a minor error in the version.php module numbering scheme from one version to the next. Edit the version.php file: 
sudo nano /etc/moodle/version.php
Change the line 
$version = 2007101571.04;
to 
$version = 2007101597.04;

Note: The new version number specified in $version must at least be greater than the $version number found in the version.php file located in the backup folder for the previous moodle installation (now presumably at /user/share/moodle_bak/version.php).

  • Login to your Moodle site (as an administrator) and load the new system:
Moodle -> Site Administration -> Notifications (Make sure to click on Notifications)

Moodle Site Building

Using BigBlueButton with Moodle

Using Skype with Moodle

Add Skype Block

Adding quotations to a block

Add a Quotation of the Day block


Fortune

Fortunoid

Fortunoid is a Plasma Widget that serves as a frontend GUI for the fortune package.

Installing the Fortunoid widget package (in Kubuntu/KDE) by 

sudo apt-get install plasma-widget-fortunoid

will also install the fortune package. If only the fortune package is desired (which can be run in a command-line terminal), it can be installed by itself: 

sudo apt-get install fortune
or 
sudo apt-get install fortune-mod

The fortune module can be customized.

  • The quotations themselves are stored in the /usr/share/games/fortunes folders.
  • There are multiple categories of quotations, and the file for each category can be edited directly.
  • When using the command-line, categories of quotations can be selected merely by specifying them. Example: 
fortune zippy science
  • There are many options for the command-line fortune utility (see here). Any or all of these command-line options can be entered as an argument in the Fortunoid widget.

Adding categories of fortunes (fortune modules)

  • See this list of the original fortune modules (categories).
  • Other modules can often be found by a Google search for fortune-mod.
  • Wikiquotes is an online repository for quotations. A webpage can easily be copied to a text file, for conversion into a fortune data file (see below). An example page is Wikiquotes -- Zen proverbs.
  • See this brief tutorial.
  • Make sure fortune-mod is installed: 
sudo apt-get install fortune-mod
  • Change to the fortune directory: 
cd /usr/share/games/fortunes
  • Edit a category text file with quotations separated by % symbols: 
I reject your reality and substitute my own...
%
This is one of those "What the hell am I doing?" moments, over!
%
We got a robot in the water, he's stuffed with tuna and it's just another day here at Mythbusters.

Then, for example, save this text file as newcategory1.

  • It is also possible to include a URL as the text in a quotation. (Most browsers will then automatically change the text into an actual link.) In this way, a list of random URL links can be displayed through the Fortune module. 
My reality comes from http://ubuntuguide.org
%
When I wonder "What the hell I am doing?" I go to Kubuntuguide at http://ubuntuguide.org/wiki/Kubuntuguide
%
MediaWiki is the premier wiki. Vist their website: http://www.mediawiki.org/wiki/MediaWiki
  • There is also a UTF-8 file which is merely a symbolic link to the text file: 
sudo ln -s newcategory1 newcategory1.u8
  • Convert the text file into a data file for use by fortune. 
sudo strfile newcategory1 newcategory1.dat
  • Select newcategory1 as a command-line option or as an argument in Fortunoid.

Using Fortune in Drupal

  • A Drupal plugin for Fortune is available. While this is a nice module, the disadvantage of it is that it displays the quotations in Monotext; there is no ability to select font size and type.

On a server with Drupal installed, download the module: 

cd /etc/drupal/6/all/sites/modules
sudo wget http://ftp.drupal.org/files/projects/fortune-6.x-1.0.tar.gz
sudo tar zxvf fortune-6.x-1.0.tar.gz
sudo rm fortune-6.x-1.0.tar.gz

Note: The module can also be placed in a particular subsite's module folder (if there are multiple Drupal subsites on the server), instead of in the sites/all/modules folder.

Enable the module:

Drupal -> Administer -> Site building -> Modules -> Other -> Fortune (ticked) -> Save configuration
  • Load the module (update) and set permissions in Drupal as usual.
  • Configure the Fortune settings:
Drupal -> Administer -> Site configuration -> Fortune
-> Select the categories of quotations desired -> Submit
  • Add the Fortune Block on your site:
Drupal -> Administer -> Site building -> Blocks -> Fortune -> Configure
-> Show block on only the listed pages (ticked): list of pages you wish Fortune block shown on -> Save

Using Fortune in MediaWiki

DAViCal Calendar Server 0.9.7

  • Note: The repositories contain DAViCal 0.9.7 and these instructions are for that version. If you wish instructions for a more recent version, see the DAViCal 0.9.8 tips page or consult the DAViCal site for instructions on adding the DAViCal repository and installing the most recent version directly.
  • DAViCal is a CalDAV, postgreSQL, Apache and php-based shared Calendar server that works with Mozilla Thunderbird/Lightning/Sunbird, Evolution, and other calendar clients.

Install: 

sudo apt-get install davical

The following detailed instructions are duplicated and updated on the DAViCal website.

Introduction

DaviCal has been included in the Ubuntu repositories as a .deb package.

The instructions below are for a new user with a new Ubuntu Server installation. (Obviously, if you are already using the Ubuntu Server, you will probably have done many of the steps already.)

Preliminary Requirements

It is possible to select the PostgreSQL database task and the LAMP (Linux, Apache2, MySQL, PHP) tasks at the time of the server installation, or at any later time using: 

sudo tasksel install lamp-server
sudo tasksel install postgresql-server

At a minimum, you will need PostgreSQL (see below), Apache2 (see below), and PHP. You can install PHP separately (i.e. not part of the integrated LAMP stack), if you wish, following these Ubuntu instructions.

Note that in later versions of (K)Ubuntu, PostgreSQL 8.4 will be installed instead of PostgreSQL 8.3. Installation steps must take this into account.

Set up the PostgreSQL database

  • See these Ubuntu instructions. Use the Hardy Installation instructions (for PostgreSQL 8.3) as well as the Basic Server Setup instructions for Gutsy/Hardy. In short, install (if you already haven't): 
sudo apt-get install postgresql

Basic Server Setup: 

sudo -u postgres psql postgres

Set a password for the postgres superuser: 

\password postgres
(You may need to quit using \q when you are done).

Create the first database: 

sudo -u postgres createdb mydb

Install the DaviCal package from repositories 

sudo apt-get install davical

Set up DaviCal PostgreSQL users

  • Create the DaviCal users (first becoming the the system root superuser, using sudo su, then becoming the database superuser, postgres): 
sudo su
su postgres -c "createuser davical_app"
exit

You will get asked about superusers, roles and databases, but just say "No" to all questions. This functional ID needs only minimum rights. Repeat the process to create one more user, "davical_dba": 

sudo su
su postgres -c "createuser davical_dba"
exit

Note: In the (older) main DAViCAL site installation page, the user created at this step is "general." This account name is for older versions. You do not need to create a user named "general" any longer.

  • Edit the configuration file pg_hba.conf: 
sudo nano /etc/postgresql/8.3/main/pg_hba.conf
(Use 8.4 instead of 8.3 if Postgresql 8.4 was installed on your system.)
Add the following 4 lines near (or at) the top; 
local all all trust
local davical davical_dba trust
local davical davical_app trust
host davical davical_app 127.0.0.1/32 trust

(The last line is for accessing the database over TCP/IP, assuming the database and the Apache2 server are on the same computer. See here under "Connecting to the Database" for more details.)

  • Restart the postgreSQL server: 
sudo /etc/init.d/postgresql-8.3 restart
(Use 8.4 instead of 8.3 if Postgresql 8.4 was installed on your system.)

Setup the DaviCal database

  • Run the database creation/installation script: 
sudo su
su postgres -c /usr/share/davical/dba/create-database.sh
exit

Write down the admin password when it is displayed. You will need it later.

  • Once the creation script has run correctly, again edit the pg_hba.conf file: 
sudo nano /etc/postgresql/8.3/main/pg_hba.conf
(Use 8.4 instead of 8.3 if Postgresql 8.4 was installed on your system.)
and remove the line 
local all all trust

(This step is not strictly necessary for the installation, but do you really want anybody with a local account to have free access to all the databases?)

  • Restart the database daemon: 
sudo /etc/init.d/postgresql-8.3 restart
(Use 8.4 instead of 8.3 if Postgresql 8.4 was installed on your system.)

Test that your database creation was successful 

sudo su
su postgres
psql davical
davical=# \z
davical=# \q
exit
exit

You should see a table with a list of access permissions to "davical_dba". (Typing "\q" exits pqsl.)

Set up Apache2

Install Apache2, if you have not done so already. See the Ubuntu documentation for help. 

sudo apt-get install apache2

In your router settings (assuming you have one), set your port forwarding so that your port 80 (http) and 443 (https) is forwarded to your server. Make sure your server firewall (if you have one) allows incoming ports 80 and 443.

I set up a dynamicDNS URL name (at DynDNS.org) called mydavicalsite.dyndns.org, which gets forwarded to my router's IP address by DynDNS.org. (My router happens to keep the DynDNS settings updated.) I want this to be forwarded to the server on my LAN.

I therefore created a virtual host setup in the Apache2 schema by copying the default virtualhost settings file to a new virtualhost settings file for mydavicalsite: 

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mydavicalsite

I edited the virtualhost config file: 

sudo nano /etc/apache2/sites-available/mydavicalsite

so that these lines were used (instead of the original ones): 

#
# Virtual Host def for Debian package DAViCal
<VirtualHost *:80>
 DocumentRoot /usr/share/davical/htdocs
 DirectoryIndex index.php index.html
 ServerName mydavicalsite.dyndns.org
 ServerAlias calendar.mydavicalsite.dyndns.org
 Alias /images/ /usr/share/davical/htdocs/images/
 <Directory /usr/share/davical/htdocs/>
     AllowOverride None
     Order allow,deny
     Allow from all
 </Directory>
 php_value include_path /usr/share/awl/inc
 php_value magic_quotes_gpc 0
 php_value register_globals 0
 php_value error_reporting "E_ALL & ~E_NOTICE"
 php_value default_charset "utf-8"
</VirtualHost>

To then make the virtualhost file active, I made a symbolic link from the virtualhost configuration file in the apache2 "sites-available" folder to the apache2 "sites-enabled" folder: 

sudo ln -s /etc/apache2/sites-available/mydavicalsite /etc/apache2/sites-enabled/mydavicalsite

Then restart apache2: 

sudo /etc/init.d/apache2 restart

Create your configuration file

Edit your own configuration file in /etc/davical. (Use your own domain name instead of the one in the example, of course.): 

sudo nano /etc/davical/mydavicalsite.dyndns.org-conf.php

You can merely include the following lines. 

<?php
//  $c->domain_name = "mydavicalsite.dyndns.org";
//  $c->sysabbr     = 'rscds';
  $c->admin_email = 'admin@example.net';
  $c->system_name = "Really Simple CalDAV Store";
//  $c->collections_always_exist = true;
//  $c->enable_row_linking = true;
  $c->default_locale = en_US.UTF-8;
  $c->pg_connect[] = 'dbname=davical port=5432 user=davical_app';
?>

(Beware not to include any empty lines after the '?>'.)

Start up DaviCal

From your browser, go to 

http://mydavicalsite.dyndns.org
or 
http://mydavicalsite.dyndns.org/cal

Use admin as your initial login, and the password assigned to you at installation (you did write it down, didn't you?)

(See here if you forgot your password. In brief: 

>sudo su
>su postgres
>psql davical -c 'select username, password from usr;'

Only the initial "admin" password is stored in plain text. All subsequent users have their password stored in an encrypted state. If you change the admin password through the web interface it will also be encrypted from that point forward.)

  • Optionally copy a configuration file for testing on the localhost server (this did not work correctly for me, though): 
sudo ln -s /etc/davical/mydavicalsite.dyndns.org-conf.php /etc/davical/localhost-conf.php
sudo ln -s /usr/share/davical/htdocs /var/www/davical
Then you can also log through localhost using your browser: 
http://localhost/davical

Create TestUser

I created a testuser (that was not an administrator) using the admin login (above), and gave it a password davtest. I created a calendar, using the default location /testuser/home

I then installed both Sunbird 

sudo apt-get install sunbird

and Thunderbird with Lightning: 

sudo apt-get install thunderbird lightning-extension

Making sure that my firewall wasn't blocking any ports (while testing), or at least allowed 80 and 443 through, I created a new network calendar in both Sunbird and Thunderbird.

Sunbird -> File -> New Calendar... -> On the Network -> CalDAV ->
Location: http://mydavicalsite.dyndns.org/caldav.php/testuser/home ->
Name: testuser
Thunderbird -> Calendar -> Calendar -> New Calendar... -> On the Network -> CalDAV ->
Location: http://mydavicalsite.dyndns.org/caldav.php/testuser/home
Name: testuser

I then entered a calendar entry in Sunbird. I then reloaded the remote calendar:

Sunbird -> File -> Reload Remote Calendars

and when I did the same in Thunderbird Calendar

Thunderbird -> Calendar -> Reload button

then the two calendars were synchronized and both showed the same events.

Voila! Shared calendars.

Administer users

If I made an error in a user setup (from the DaviCAL web interface as the admin user), to correct it I had to make the user inactive and then activate him/her again, at which time I could change the settings.

I had to make a user Public if I wanted to view his/her calendar. The "relationships" are discussed on other pages.

Clarification of user types and relationships

Note: These instructions are peculiar to version 0.9.7. Newer versions have been revised and use a different permissions structure.

The official documentation on this site is very confusing to me. Here's what I worked out:

User roles

A "user" is really a type of account. There are four types of "user" roles in DAViCal. Not all of them represent individual users.

  • Admin: This type of user does not have a calendar (or calendar folder). This type of user account administers the DAViCal database by logging into the administration web interface (only). It is the only type of user that can create new users and change their status (e.g. "active" vs. "inactive", "language", relationships to other types of user accounts, etc.).
  • Public: This is an individual user (as in "John Q. Public," I guess. Don't ask me why it is called a Public account). Every individual user who wants to have an individual calendar must have a Public account. Each individual user (with a Public account) can also belong to (i.e. have a "relationship" with) a group and/or (group calendar) resource.
  • Group: This type of account is meant as a placeholder for several Public users to belong to (have a "relationship" with). It acts as a user in some ways, but it is not an individual user's account.
  • Resource: This is an account for a group calendar, basically. A group (or an individual Public user) must have a "relationship" with the resource to administer the group calendar associated with it. A Public user should not simultaneously have both an individual relationship with a resource as well as a relationship with a group that has a relationship with the same resource.
Types of relationships

A "relationship" defines the types of privileges one user account has in relation to another user account.

  • Administers: This means that this user can change the settings of another user account through the web administration interface. It does not mean that this user can access or change the calendar of another user account (which must be done as an "Assistant to...").
  • is Assistant to: This means the user can directly read and change the calendar of another Public user or Resource (using a client program). Also, if a Public user is defined with the relationship that it "Administers" a Group user account, and the Group user account is an "Assistant to" a Resource (calendar) account, then the Public user will also be able to directly read and change the calendar of the Resource account (using a client program), as well.
  • Can read from: This means the user can directly read (but not change) the calendar of another Public user or Resource (using a client program). Also, if a Public user is defined with the relationship that it "Administers" a Group user account, and the Group user account is given the relationship privilege "Can read from" a Resource (calendar) account, then the Public user will also be able to directly read (but not change) the calendar of the Resource account (using a client program), as well.
  • Can see free/busy time of: The free/busy time setting hides the details of events. This is useful when sensitive details are on a calendar that not every shared user ought to be able to see. When this privilege is given, only that events are scheduled (and not their details) are revealed to the Public user that has this relationship (or to all the Public users that belong to a Group with this type of relationship).
Example

(Other examples are given here).

I have a sensitive PowWow group calendar which I want to share with different users.

Using the web administration interface and the initial "admin" account (see above), I first create a new administrator user (account) named BigChief (user role "Admin"). He does not have his own calendar.

There are seven new "Public" users (each with their own calendar by default) that I then create through the web interface (using either my admin or BigChief user account). The seven Public users are Chief1, Chief 2, Indian1, Indian2, Squaw1, Squaw2, and Janitor. I want to ensure that each can be administered by the BigChief administrator account, so I define the "relationships to" each user to include that the BigChief user "Administers" each account.

Again through the administration web interface, I then set up a new Group user account (with the user role "Group"), with a username of "Braves". I define the relationships to this group: for each Public user (found in the dropdown box), Indian1 and Indian2, I select "Administers" (which confers full rights to each member (Indian1 and Indian2) in the Group to do whatever the Group Braves can do).

I then set up a second Group user account with a username of "Squaws." Again I give each user (in the dropdown box) full privileges for (i.e. "Administers") this group.

Once more through the administration web interface, I finally set up a new user account with the user role of "Resource", which will be the account which contains the actual group calendar. I name this user "PowWowCalendar" (which is what I want to call the group calendar).

For PowWowCalendar, I want BigChief to administer it. In the "Relationship to this user" section, therefore, I select (from the dropdown menu) that the user BigChief "Administers" this (group calendar) resource. I want Chief1 and Chief2 to read and change the PowWowCalendar directly. I therefore select each individually in the dropdown section and defines each with "Is Assistant to..." relationship privileges.

I then want all the Indians in the Braves group to also be able to read and change this group calendar resource, so I then select that the (group) user Braves "is Assistant to" this (group calendar) resource. I want all the squaws to be able to read the calendar only, so I select that the (group) user Squaws "Can read from" this (group calendar) resource.

Lastly, I don't want the Janitor to see the actual details of the calendar, so I select that the Janitor user "Can see free/busy time of" this (group calendar) resource.

Now I have to set up the clients.

Each Public user (Chief1, Chief 2, Indian1, Indian2, Squaw1, Squaw2, and Janitor) will set their own user/password combination in their own calendar client. Then each will create a new CalDAV calendar "on the network" (see above for Sunbird/Thunderbird/Lightning instructions) with the location

http://mydavicalsite.dyndns.org/caldav.php/PowWowCalendar/home

Each user should then be able to see the resource calendar with the privileges assigned above.

(Note that BigChief will not be able to access the calendar as an administrator. I think this is a bug in the system. If you wish BigChief to read and change the events in the calendar, he must be "Assistant to..." the (calendar) resource user).

Clients

Multiple Email/Calendar/PIM clients work with DAViCal. See this list, although almost all CALDAV-compatible clients will work.

Mozilla Sunbird / Thunderbird with Lightning

Mozilla Sunbird is a standalone calendar application, while Lightning is a plugin for the email program Thunderbird which is made to work almost identically to Sunbird (but from within Thunderbird, of course).

Idiosyncracies of Sunbird and Thunderbird Lightning

There are two ways to use Sunbird (or the Lightning Extension for Thunderbird): without a saved user name / password combination, or with one. The first is to leave the user name / password unsaved. This will require that you enter the user name / password each time you log in (which can be tiresome, eventually). If using a computer with many users, this is desirable. When prompted to enter the user name and password, merely do not tick the box prompting whether to save the user name /password.

The second method involves saving the user name / password when prompted. However, Sunbird only likes one saved user name. If there are more than one, it will not know which user name to use when logging in to the server. Therefore, do not attempt to save more than one user name / password.

When a user has subscribed to many calendars, that user can view one or many calendars (for which the user has privileges) at the same time by individually checking or unchecking the boxe next to each calendar name.

However, changes made from the calendar screen itself will only apply to the calendar which is highlighted (in the calendar list), whether or not that calendar's box is actually checked.

To view the calendar (and the changes), however, the calendar must also be checked. It is therefore possible to add/change events to a highlighted calendar but not be able to see the changes (if you have that calendar's name highlighted but not checked).

This point can't be stressed enough -- changes to the calendar are applied to whichever calendar is highlighted, but to see the changes, the calendar must also be checked.

Kontact

Kontact is the personal information manager for KDE (used in Kubuntu). There are some instructions on the DAViCal website, but despite the warnings there, the calendar functions of the current version of Kontact work very nicely with DAViCal. In brief:

  • Add a new calendar:
  • Kontact -> <Right Click> Calendar -> Add... -> Calendar in remote file
(in French: "Calendrier dans un fichier distant")
  • Use the same URL for "Download from" and "Upload to"
Example: http://calendar.example.com/caldav.php/user/home
  • The calendar must exist in order to use it, of course, or Kontact will send an error (such as "file http://calendar.example.com/caldav.php/user/home does not exist"). You must create the calendar using the DAViCal web-based administration interface.
  • These instructions apply to both Kontact and Korganizer.

Evolution

See the DAViCal website for some details. I haven't used Evolution with DAViCal, so if you have, please add your experience here (as well as on the DAViCal website).

DAViCal Calendar Server 0.9.8

  • These instructions are for DAViCal ver. 0.9.8, which is a major rewrite of DAViCal. (This new version is not yet available in the repositories.) If you wish instructions for a more recent version, consult the DAViCal site for instructions on adding the DAViCal repository and installing the most recent version directly.

The instructions for ver. 0.9.7 (from the repositories) are here. DAViCal is a CalDAV, postgreSQL, Apache and php-based shared Calendar server that works with Mozilla Thunderbird/Lightning/Sunbird, Evolution, and other calendar clients.

  • If you wish to use the the older version (0.9.7) from the Ubuntu repositories: 
sudo apt-get install davical
  • Install the newest version (> 0.9.8) from the DAViCal repositories: 
sudo apt-key advanced --keyserver pgp.net.nz --recv-keys F6E0FA5CF0307507BB23A512EAFCFEBF8FEB8EBF
echo "deb http://debian.mcmillan.net.nz/debian lenny awm " | sudo tee /etc/apt/sources.list.d/davical.list
sudo apt-get update 
sudo apt-get install davical
Note: Port 11371 must be open in the firewall to allow the keyserver.

The following detailed instructions are duplicated and updated on the DAViCal website.

Introduction

DaviCal has been included in the Ubuntu repositories as a .deb package.

The instructions below are for a new user with a new Ubuntu Server installation. (Obviously, if you are already using the Ubuntu Server, you will probably have done many of the steps already.)

Preliminary Requirements

It is possible to select the PostgreSQL database task and the LAMP (Linux, Apache2, MySQL, PHP) tasks at the time of the server installation, or at any later time using: 

sudo tasksel install lamp-server
sudo tasksel install postgresql-server

At a minimum, you will need PostgreSQL (see below), Apache2 (see below), and PHP. You can install PHP separately (i.e. not part of the integrated LAMP stack), if you wish, following these Ubuntu instructions.

Note that in later versions of (K)Ubuntu, PostgreSQL 8.4 will be installed instead of PostgreSQL 8.3. Installation steps must take this into account.

Set up the PostgreSQL database

  • See these Ubuntu instructions. Use the Hardy Installation instructions (for PostgreSQL 8.3) as well as the Basic Server Setup instructions for Gutsy/Hardy. In short, install (if you already haven't): 
sudo apt-get install postgresql

Basic Server Setup: 

sudo -u postgres psql postgres

Set a password for the postgres superuser: 

\password postgres
(You may need to quit using \q when you are done).

Create the first database: 

sudo -u postgres createdb mydb

Install the DaviCal package from repositories 

sudo apt-get install davical

Set up DaviCal PostgreSQL users

  • Create the DaviCal users (first becoming the the system root superuser, using sudo su, then becoming the database superuser, postgres): 
sudo su
su postgres -c "createuser davical_app"
exit

You will get asked about superusers, roles and databases, but just say "No" to all questions. This functional ID needs only minimum rights. Repeat the process to create one more user, "davical_dba": 

sudo su
su postgres -c "createuser davical_dba"
exit

Note: In the (older) main DAViCAL site installation page, the user created at this step is "general." This account name is for older versions. You do not need to create a user named "general" any longer.

  • Edit the configuration file pg_hba.conf: 
sudo nano /etc/postgresql/8.4/main/pg_hba.conf
Add the following 4 lines near (or at) the top; 
local all all trust
local davical davical_dba trust
local davical davical_app trust
host davical davical_app 127.0.0.1/32 trust

(The last line is for accessing the database over TCP/IP, assuming the database and the apache2 server are on the same computer. See here under "Connecting to the Database" for more details.)

  • Restart the postgreSQL server: 
sudo /etc/init.d/postgresql-8.4 restart

Setup the DaviCal database

  • Run the database creation/installation script: 
sudo su
su postgres -c /usr/share/davical/dba/create-database.sh
exit

Write down the admin password when it is displayed. You will need it later.

  • Once the creation script has run correctly, again edit the pg_hba.conf file: 
sudo nano /etc/postgresql/8.4/main/pg_hba.conf
and remove the line 
local all all trust

(This step is not strictly necessary for the installation, but do you really want anybody with a local account to have free access to all the databases?)

  • Restart the database daemon: 
sudo /etc/init.d/postgresql-8.4 restart

Test that your database creation was successful 

sudo su
su postgres
psql davical
davical=# \z
davical=# \q
exit
exit

You should see a table with a list of access permissions to "davical_dba". (Typing "\q" exits pqsl.)

Set up Apache2

Install the Apache2 webserver, if you have not done so already. See the Ubuntu documentation for help. 

sudo apt-get install apache2

In your router settings (assuming you have one), set your port forwarding so that your port 80 (http) and 443 (https) is forwarded to your server. Make sure your server firewall (if you have one) allows incoming ports 80 and 443.

I set up a dynamicDNS URL name at DynDNS.org called mydavicalsite.dyndns.org, which gets forwarded to my router's IP address by DynDNS.org. (My router happens to keep the DynDNS settings updated.) I want this to be forwarded to the server on my LAN.

I therefore created a virtual host setup in the Apache2 schema by copying the default virtualhost settings file to a new virtualhost settings file for mydavicalsite: 

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mydavicalsite

I edited the virtualhost config file: 

sudo gedit /etc/apache2/sites-available/mydavicalsite

so that these lines were used (instead of the original ones): 

#
# Virtual Host def for Debian package DAViCal
<VirtualHost *:80>
 DocumentRoot /usr/share/davical/htdocs
 DirectoryIndex index.php index.html
 ServerName mydavicalsite.dyndns.org
 ServerAlias calendar.mydavicalsite.dyndns.org
 Alias /images/ /usr/share/davical/htdocs/images/
 <Directory /usr/share/davical/htdocs/>
     AllowOverride None
     Order allow,deny
     Allow from all
 </Directory>
 php_value include_path /usr/share/awl/inc
 php_value magic_quotes_gpc 0
 php_value register_globals 0
 php_value open_basedir 1
 php_value error_reporting "E_ALL & ~E_NOTICE"
 php_value default_charset "utf-8"
</VirtualHost>

To then make the virtualhost file active, I made a symbolic link from the virtualhost configuration file in the apache2 "sites-available" folder to the apache2 "sites-enabled" folder: 

sudo ln -s /etc/apache2/sites-available/mydavicalsite /etc/apache2/sites-enabled/mydavicalsite

Then restart apache2: 

sudo /etc/init.d/apache2 restart

Create your configuration file

Edit your own configuration file in /etc/davical. (Use your own domain name instead of the one in the example, of course.): 

sudo gedit /etc/davical/mydavicalsite.dyndns.org-conf.php

You can merely include the following lines: 

<?php
//  $c->domain_name = "mydavicalsite.dyndns.org";
//  $c->sysabbr     = 'rscds';
  $c->admin_email = 'admin@example.net';
  $c->system_name = "Really Simple CalDAV Store";
//  $c->collections_always_exist = true;
//  $c->enable_row_linking = true;
  $c->default_locale = en_US.UTF-8;
  $c->pg_connect[] = 'dbname=davical port=5432 user=davical_app';

Start up DaviCal

From your browser, go to 

http://mydavicalsite.dyndns.org
or 
http://mydavicalsite.dyndns.org/cal

Use admin as your initial login, and the password assigned to you at installation (you did write it down, didn't you?)

(See here if you forgot your password. In brief: 

>sudo su
>su postgres
>psql davical -c 'select username, password from usr;'

Only the initial "admin" password is stored in plain text. All subsequent users have their password stored in an encrypted state. If you change the admin password through the web interface it will also be encrypted from that point forward.)

  • Optionally copy a configuration file for testing on the localhost server (this did not work correctly for me, though): 
sudo ln -s /etc/davical/mydavicalsite.dyndns.org-conf.php /etc/davical/localhost-conf.php
sudo ln -s /usr/share/davical/htdocs /var/www/davical
Then you can also log through localhost using your browser: 
http://localhost/davical

Create TestUser

I created a testuser (that was not an administrator) using the admin login (above), and gave it a password davtest. I created a calendar, using the default location /testuser/home

I then installed both Sunbird 

sudo apt-get install sunbird

and Thunderbird with Lightning: 

sudo apt-get install thunderbird lightning-extension

Making sure that my firewall wasn't blocking any ports (while testing), or at least allowed 80 and 443 through, I created a new network calendar in both Sunbird and Thunderbird.

Sunbird -> File -> New Calendar... -> On the Network -> CalDAV ->
Location: http://mydavicalsite.dyndns.org/caldav.php/testuser/home ->
Name: testuser
Thunderbird -> Calendar -> Calendar -> New Calendar... -> On the Network -> CalDAV ->
Location: http://mydavicalsite.dyndns.org/caldav.php/testuser/home
Name: testuser

I then entered a calendar entry in Sunbird. I then reloaded the remote calendar:

Sunbird -> File -> Reload Remote Calendars

and when I did the same in Thunderbird Calendar

Thunderbird -> Calendar -> Reload button

then the two calendars were synchronized and both showed the same events.

Voila! Shared calendars.

Administer users

If I made an error in a user setup (from the DaviCAL web interface as the admin user), to correct it I had to make the user inactive and then activate him/her again, at which time I could change the settings.

I had to make a user Public if I wanted to view his/her calendar. The "relationships" are discussed on other pages.

User roles

In DAViCal 0.9.8 onwards, users are referred to as 'Principals'. A "user" is really a type of account. There are three types of "Principal" in DAViCal. Not all of them represent individual users.

  • Person: This is an individual user. Every individual user who wants to have an individual calendar must have a Person account.
  • Group: This type of account is meant as a placeholder for mediating access. It acts as a user in some ways, but it is not intended to be an individual user's account. Privileges will usually be granted to a group, in order that the group can grant privileges on to many individuals.
  • Resource: This is an account for a shared calendar, such as for booking a meeting room, or an office vehicle. Various resources will usually grant privileges to a Group (or directly to a Person) must have a "relationship" with the resource to administer the group calendar associated with it.

Additionally, a user may be set as an 'Administrator'. These users administer the DAViCal database by logging into the administration web interface. It is the only type of user that can create new users and change their status (e.g. "active" vs. "inactive"). Users who are set to 'inactive' can no longer log into DAViCal.

Grants and Permissions Example

I have a sensitive PowWow group calendar which I want to share with different users.

Using the web administration interface and the initial "admin" account (see above), I first create a new Person (account) named BigChief. He does not have his own calendar.

There are seven new "Public" users (each with their own calendar by default) that I then create through the web interface (using either my original admin or new 'BigChief' admin account). The seven Public users are Chief1, Chief 2, Indian1, Indian2, Squaw1, Squaw2, and Janitor.

Again through the administration web interface, I then set up a new 'Group' account, with a username of "Braves". In this account I grant ALL privileges to each of the members (Indian1 and Indian2) which confers full rights to each member (Indian1 and Indian2) in the Group to do whatever the Group Braves can do.

I then set up a second Group user account with a username of "Squaws." Again I create a grant of ALL privileges to each user (i.e. Squaw1 & Squaw2).

Once more through the administration web interface, I set up a new 'Resource' account, which will contains the actual group calendar. I name this user "PowWowCalendar" (which is what I want to call the group calendar).

For PowWowCalendar, I want BigChief to administer it, so I create a grant, giving ALL privileges to BigChief. I want Chief1 and Chief2 to read and change the PowWowCalendar directly. I therefore add another grant to each individually, giving them write, read and free/busy privileges. Since these Chiefs can also send/respond to meeting invitations on behalf of the group in general I also give the chiefs schedule privileges, although DAViCal will not support that feature until 0.9.9 is released.

I then want all the Indians in the Braves group to also be able to read and change this group calendar resource, so I create two more grants, to the 'Braves' and 'Squaws' groups, conferring write, read and free/busy privileges also.

Lastly, I don't want the Janitor to see the actual details of the calendar, but I do want him to know when the meetings are happening. And in fact I don't mind if anyone else in the organisation can see when the meetings are, so I set the Default Privileges to 'Free/Busy'.

Now I have to set up the clients.

Each real user (Chief1, Chief 2, Indian1, Indian2, Squaw1, Squaw2, and Janitor) will set their own user/password combination in their own calendar client. Then each will create a new CalDAV calendar "on the network" (see above for Sunbird/Thunderbird/Lightning instructions) with the location

http://mydavicalsite.dyndns.org/caldav.php/PowWowCalendar/home

Each user should then be able to see the resource calendar with the privileges assigned above.

Clients

Multiple Email/Calendar/PIM clients work with DAViCal. See this list, although almost all CALDAV-compatible clients will work.

Mozilla Sunbird / Thunderbird with Lightning

Mozilla Sunbird is a standalone calendar application, while Lightning is a plugin for the email program Thunderbird which is made to work almost identically to Sunbird (but from within Thunderbird, of course).

Idiosyncracies of Sunbird and Thunderbird Lightning

There are two ways to use Sunbird (or the Lightning Extension for Thunderbird): without a saved user name / password combination, or with one. The first is to leave the user name / password unsaved. This will require that you enter the user name / password each time you log in (which can be tiresome, eventually). If using a computer with many users, this is desirable. When prompted to enter the user name and password, merely do not tick the box prompting whether to save the user name /password.

The second method involves saving the user name / password when prompted. However, Sunbird only likes one saved user name. If there are more than one, it will not know which user name to use when logging in to the server. Therefore, do not attempt to save more than one user name / password.

When a user has subscribed to many calendars, that user can view one or many calendars (for which the user has privileges) at the same time by individually checking or unchecking the boxe next to each calendar name.

However, changes made from the calendar screen itself will only apply to the calendar which is highlighted (in the calendar list), whether or not that calendar's box is actually checked.

To view the calendar (and the changes), however, the calendar must also be checked. It is therefore possible to add/change events to a highlighted calendar but not be able to see the changes (if you have that calendar's name highlighted but not checked).

This point can't be stressed enough -- changes to the calendar are applied to whichever calendar is highlighted, but to see the changes, the calendar must also be checked.

Kontact

Kontact is the personal information manager for KDE (used in Kubuntu). There are some instructions on the DAViCal website, but despite the warnings there, the calendar functions of the current version of Kontact work very nicely with DAViCal. In brief:

  • Add a new calendar:
  • Kontact -> <Right Click> Calendar -> Add... -> Calendar in remote file
(in French: "Calendrier dans un fichier distant")
  • Use the same URL for "Download from" and "Upload to"
Example: http://calendar.example.com/caldav.php/user/home
  • The calendar must exist in order to use it, of course, or Kontact will send an error (such as "file http://calendar.example.com/caldav.php/user/home does not exist"). You must create the calendar using the DAViCal web-based administration interface.
  • These instructions apply to both Kontact and Korganizer.

Evolution

See the DAViCal website for some details. I haven't used Evolution with DAViCal, so if you have, please add your experience here (as well as on the DAViCal website).

BigBlueButton

BigBlueButton is a web conferencing server that takes advantage of several other open source servers. It is a complex package that I prefer to run on its own Ubuntu server (either on a standalone machine, in a separate partition, or within a virtual machine). This is necessary partly because BigBlueButton runs either on a 32-bit Ubuntu Jaunty 9.04 OS or on a 32-bit or 64-bit Lucid 10.04 OS currently, and I use a more recent edition of the (K)Ubuntu OS for everything else.

Also, the default configuration of BigBlueButton uses ports for its components that might occasionally conflict with other servers. Rather than reconfigure all the other servers (to avoid the possibility of port conflicts with BigBlueButton), it is easier to install (and easier to maintain) BigBlueButton if it is in a self-contained environment.

If BigBlueButton is to be used only for a webinar once-in-a-while, it might be easiest to set it up in its own partition. (A full BBB installation uses 2 Gb hard disk space, so a 4 Gb partition ought to be sufficient. If plenty of hard disk space is available, use 8 Gb for the partition.) Install the Ubuntu server (or desktop) OS within that partition first. (See this section for details on a method to accomplish this.) Then install BigBlueButton.

Installing in a virtual machine (such as VirtualBox, VMWare, QEMU, or Xen) makes sense if the computer host has lots of computing capacity (3 Gb of RAM or greater and a powerful CPU) and a large hard drive. (BigBlueButton recommends dedicating at least 1 Gb RAM to it on a 2 GHz dual-core processor. A full installation requires 2 Gb, so a 4 Gb virtual hard drive ought to be sufficient. If plenty of hard disk space is available, use 8 Gb for the virtual hard drive.) Installation in a virtual machine can be accomplished using the installation method outlined below (after installing an Ubuntu OS within the virtual machine), or a VMWare appliance can be used (for those who have installed a VMWare Player).

If a spare computer is available and frequent usage is anticipated, installing on a standalone computer (as the server) would be most economical (and easiest to maintain) in the long run.

As always, I recommend a test system and a production system. These can be parallel installations on separate partitions (or within separate virtual machines), for example, of which only one at a time is running.

The following instructions are for a new installation, including the Ubuntu server OS, within one of these three environments.

Install Ubuntu server

BigBlueButton provides packages for the 32-bit Jaunty (9.04) edition or for the 32-bit or 64-bit Lucid (10.04) editions. Install your desired server version (Ubuntu server 9.04 or Ubuntu server 10.04). (Jaunty uses the ext3 filesystem by default, so I would probably stick with that if using that version.) I do not recommend installing any additional packages. BigBlueButton will install all the additional packages that it needs (through its own installation script) itself.

  • Update and upgrade the basic server: 
sudo apt-get update
sudo apt-get upgrade
  • To speed bootup, edit the Grub timeout to be one second (Note: Jaunty 9.04 uses Grub Legacy, not Grub2). 
sudo nano /boot/grub/menu.lst

Change to 

timeout 1

instead of the 10 second (timeout 10) that is the default.

Sort out webserver conflicts

BigBlueButton uses Nginx as a webserver instead of Apache2. (Nginx is used by many high-volume server sites such as Sourceforge, Hulu, Github, Wordpress, and TorrentReactor).

  • If installing Ubuntu server for the first time, do not install the full LAMP (Linux, Apache2, MySQL, PHP) stack as an option, since Apache installation is not needed. BigBlueButton will install the individual MySQL and PHP components during its own installation.
  • If you are installing BigBlueButton on an Ubuntu server that is already running Apache, you must decide on a port scheme so that the two webservers do not conflict.

Changing the Apache listening port

The Nginx webserver (used by BigBlueButton) is installed so that it uses the standard webserver port 80. Apache2, if installed, also uses this standard webserver port by default. It is possible to edit an Apache2 configuration file, however, so that it listens on a non-standard port: 

sudo nano /etc/apache2/ports.conf

and the port number 80 changed to a different port number (such as 82). Then reload Apache2: 

sudo /etc/init.d/apache2 restart

This avoids conflicts while installing and testing BigBlueButton. (Of course, for the most part, any servers using Apache2 will be non-functional unless all corresponding virtual host settings are also changed.)

Later, I usually prefer to set the BigBlueButton listening port to 81 and return the Apache2 listening port to 80.

Install BigBlueButton

32-bit Jaunty (9.04)

  • Retrieve and add the BigBlueButton repository key: 
wget http://archive.bigbluebutton.org/bigbluebutton.asc 
sudo apt-key add bigbluebutton.asc
  • Add the BigBlueButton Repositories to your repository list: 
echo "deb http://archive.bigbluebutton.org/ bigbluebutton main" | sudo tee /etc/apt/sources.list.d/bigbluebutton.list
sudo apt-get update
  • Install BigBlueButton: 
sudo apt-get install bigbluebutton
  • Install desktop sharing: 
sudo apt-get install bbb-apps-deskshare

32-bit or 64-bit Lucid (10.04)

  • Retrieve and add the BigBlueButton repository key: 
wget http://archive.bigbluebutton.org/bigbluebutton.asc 
sudo apt-key add bigbluebutton.asc
  • Add the BigBlueButton Repositories to your repository list: 
  echo "deb http://archive.bigbluebutton.org/lucid bigbluebutton-lucid main" | sudo tee /etc/apt/sources.list.d/bigbluebutton.list
  • Ensure the multiverse is in the souces list (needed for msttcorefonts): 
  echo "deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse" | sudo tee -a /etc/apt/sources.list
  • Update the software lists: 
  sudo apt-get update
  • Install asterisk (you can hit enter for the prompt for dialing prefix): 
  sudo apt-get install asterisk
  • Install BigBlueButton 
  sudo apt-get install bigbluebutton
  • Restart BigBlueButton: 
  sudo bbb-conf --restart
  sudo bbb-conf --check

Ensure port availablility

BigBlueButton components use port 1935 for RTMP (streaming video), 9123 for desktop sharing (with Xuggler), and port 80 for the Nginx webserver.

Internally, the Red5 Flash server uses port 5080, the Tomcat6 java server uses port 8080, Asterisk uses UDP port 5060 for the SIP interface (plus SIP ports 6079-6099 and RTP ports 3000-3029). The Asterisk Management Interface uses port 5038.

For this reason, during installation and troubleshooting, it is best not to use a firewall with BigBlueButton, and it should be placed in a DMZ. (The UFW firewall installed with Ubuntu Jaunty 9.04 is not enabled by default, so this is not problematic initially.)

A server in the DMZ is at increased risk of hacking, so this is another significant reason to keep BigBlueButton quarantined within its own dedicated server environment (machine/partition/virtual machine).

Once installation is complete and tested, a firewall is probably a good idea, especially if you are hosting BBB on the same machine as other servers.

Check the server's current IP address

Usually this will be the IP address of the server on the LAN. To display: 

ifconfig

Set a static IP address

The Ubuntu server(/desktop) on which BigBlueButton is installed should have a static IP address so that it can reliably be located on the network. If on a LAN, this will be a static LAN IP address (such as 192.168.0.55), to which the router must forward the appropriate ports.

Test BigBlueButton

If the LAN IP address of the BigBlueButton server is shown by ifconfig to be, for example, 192.168.0.55, then access the server from another computer on the LAN by logging in from any web browser to: 

http://192.168.0.55

Big Blue Button should now be fully functional.

Change the host location of the BigBlueButton server

A utility exists to quickly change the server_name of the Nginx (and other BigBlueButton) configuration files. The server_name can be an IP address (such as 68.67.66.65) or a URL (such as bigbluebutton.mydomain.org). 

sudo bbb-conf --setip bigbluebutton.mydomain.org

If it doesn't seem to work, try a clean restart of the BigBlueButton system: 

sudo bbb-conf --clean

Changing the BBB listening port

If BBB is working satisfactorily using the default settings, it is then possible to change the listening port as well as the hostname/IP address at which it will be located.

  • If the port listening port has been changed to 81 (see above), then use the command: 
 sudo bbb-conf --setip bigbluebutton.mydomain.org:81
  • Also change the Nginx webserver listening port (see below).
  • Reboot the server.
  • Now the BigBlueButton server can be accessed: 
http://bigbluebutton.mydomain.org:81

Change the virtual host configuration file of Nginx

Nginx is the web server used by BigBlueButton. It is similar to Apache in many ways. Virtual host configuration files are stored in /etc/nginx/sites-available (and the virtual host configuration file made active by linking it into the /etc/nginx/sites-enabled folder).

BigBlueButton uses an Nginx virtual host configuration folder at /etc/nginx/sites-available/bigbluebutton (which is already linked into the sites-enabled folder). This can be edited (and must be edited if the "bbb-conf --setip" utility in the previous section is used to change the BBB listening port). 

sudo nano /etc/nginx/sites-available/bigbluebutton
  • To change the listening port, edit the line 
listen 80;

to the port that should be listened on (in my example 81). Do not use 8080, since it is already used. 

listen 81;
  • If you intend to use Apache2 on this server (and will always use Nginx on port 81), then also edit the default Nginx configuration file: 
 sudo nano /etc/nginx/sites-available/default

so that it also listens on port 81: 

listen 81;
  • Restart Nginx: 
sudo /etc/init.d/nginx restart
  • Check the changed settings: 
bbb-conf --check
  • Reboot the server.

Using BigBlueButton with Moodle

If Moodle and BigBlueButton are hosted within the same LAN (or on the same physical machine), then the webservers (that they use) ought to be on different listening ports. Moodle uses Apache2, and I find it easiest to leave this at port 80; I assign port 81 to Nginx (and BigBlueButton).

In my set up, I use the same URL for both Moodle and BigBlueButton: 

http://smartestowl.mydomain.org

for Moodle and 

http://smartestowl.mydomain.org:81

for BigBlueButton.

Install BBB <-> Moodle API

  • Download the API from DualCode into the /usr/share/moodle/mod folder and unzip: 
sudo wget http://www.dualcode.com/bigbluebutton/bigbluebutton.zip
sudo unzip bigbluebutton.zip
  • Copy the bigbluebutton/mod/bigbluebutton folder (and its contents) into the /usr/share/moodle/mod folder: 
sudo mkdir /usr/share/moodle/mod/bigbluebutton
sudo cp -r bigbluebutton/mod/bigbluebutton/* /usr/share/moodle/mod/bigbluebutton/
  • Copy the bigbluebutton/lang folder contents into the /usr/share/moodle/lang folder: 
sudo cp -r bigbluebutton/lang/* /usr/share/moodle/lang/
  • Remove the original files: 
sudo rm bigbluebutton.zip
sudo rm -r bigbluebutton/*
sudo rmdir bigbluebutton
  • Login to the Moodle site (as an administrator) and load the module:
Moodle -> Site Administration -> Notifications (Make sure to click on Notifications)
-> Activities -> Manage Activities -> BigBlueButton -> Settings
-> Input the IP address/URL of your BigBlueButton server. Do not enter the leading http:// .
-> Input the Security Salt from your BigBlueButton server. This is in a file called “bigbluebutton.properties” on the BigBlueButton server. On my Ubuntu server I found it at 
/var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties

The security salt string can be found: 

beans.dynamicConferenceService.securitySalt=your_number_here

Input that long string of numbers and letters to the field in Moodle.

-> Put a star in the Meeting IDs field. That will allow an unlimited number of rooms to be created. You can also put any number here to restrict how many rooms on your BigBlueButton server you want running at any one time. (This can eventually become important for performance reasons.)
  • In the (Course) Weekly Outline:

-> Add an activity... -> BigBlueButton ->

and set the desired passwords for the meeting, etc.

Add BigBlueButton API to Drupal6

  • BigBlueButton is a standalone videoconferencing server. Install the BigBlueButton API that is able to call the BBB server from within Drupal: 
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/bbb-6.x-1.x-dev.tar.gz
sudo tar zxvf bbb-6.x-1.x-dev.tar.gz
sudo rm bbb-6.x-1.x-dev.tar.gz
Note: If you wish this module to be available to only one subsite, then install it instead into the /etc/drupal/6/sites/mysite_x/modules folder.
Note: You must update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Big Blue Button -> select the Big Blue Button module functions you intend to use
  • Test the BigBlueButton settings:
Drupal -> Site administration -> BigBlueButton Conferencing -> Test connection.
  • Change the URL to the address of your BBB server (e.g. http://mybbbsite.dyndns.org:81/bigbluebutton/) and the Security Salt (found in bigbluebutton.properties on the BBB server in the 
/var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
configuration file, in the setting: 
beans.dynamicConferenceService.securitySalt=your_security_salt_number_here
  • Create a new content type named Teleconference:
Drupal -> Administer -> Content management -> Content types -> Add content type

-> Name: Teleconference -> Type: teleconference -> Big Blue Button settings -> Treat this node type as conference: (ticked) -> Show links to join / start a meeting beneath the node: (ticked) -> Display meeting status on node: (ticked) -> Save content type

  • Create a new node of content type Teleconference:

Drupal -> Create content -> Teleconference -> Conference settings -> ...

Changing the BBB security salt

In general this is not necessary. However, if you think your BigBlueButton system may have been compromised in some way, the security salt (which keeps passwords and communications safe) can be changed.

  • Generate a new Universal Unique ID (UUID), which is basically a long string of random numbers with dashes. This random number will serve as the security salt key: 
uuidgen
  • Copy the string (including dashes) several places, replacing the existing security salt (if any) at each location:
  • /var/lib/tomcat6/webapps/bigbluebutton/demo/bbb_api_conf.jsp 
sudo gedit /var/lib/tomcat6/webapps/bigbluebutton/demo/bbb_api_conf.jsp
  • /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties 
sudo gedit /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
  • Do a clean restart of the BigBlueButton server: 
sudo bbb-conf --clean

BBB - Standalone authentification with Apache2 web serving 

bbb-conf - setip bbb_url.com:81
    • In the file /etc/nginx/sites-enabled/default 
Change port 80 to port 81
  • Install apache2 
apt-get install apache2
    • Create this file: 
/etc/apache2/sites-available/bbb-redirect
    • Add the following line to this file : /etc/apache2/sites-available/bbb-redirect 
Redirect / http://bbb_url.com:81/bigbluebutton/conference
  • Restart apache2 
/etc/init.d/apache2 restart
  • Copy /var/lib/tomcat6/webapps/bigbluebutton/demo to /var/lib/tomcat6/webapps/bigbluebutton/conference 
cp -R /var/lib/tomcat6/webapps/bigbluebutton/demo /var/lib/tomcat6/webapps/bigbluebutton/conference
  • In this folder /var/lib/tomcat6/webapps/bigbluebutton/conference
    • Copy demo3.jsp to index.jsp 
cp demo3.jsp index.jsp
  • Customize index.jsp as you wish. (you need basic knowledge with java and html)
  • Restart tomcat6 
/etc/init.d/tomcat6 restart

Voila!, the BBB server should be accessible with authentication.

Skulltag tips

Note: I use both the latest Skulltag and ZDoom with Doomseeker on Kubuntu Oneiric and it is very fast with good graphics and good sound. (I had some problems in Maverick and Natty, which are now resolved.)

Install Skulltag

Skulltag is an updated version of ZDoom that includes network play. See the website for simple (K)Ubuntu installation instructions. (You can use the Freedoom Iwad (see below) if you don't have an original Doom2.wad.) Note: Most of the modules require dependencies from the Universe repositories. Make sure you have the Universe repositories enabled (Synaptic Package Manager -> Settings -> Repositories -> Edit Software Sources -> Community-maintained Open Source software (universe) -> (ticked)).

  • Add the skulltag repositories, update, and install Skulltag and DoomSeeker (the Skulltag online server utility): 
echo "deb http://skulltag.net/download/files/release/deb/ jaunty multiverse" | sudo tee /etc/apt/sources.list.d/skulltag.list
sudo apt-get update
sudo apt-get install skulltag doomseeker-skulltag
  • If you don't have a doom2.wad, tnt.wad, or plutonia.wad already, you can copy the freedoom.wad to your ~/.skulltag folder: 
cd ~/.skulltag
wget http://mirror.cinquix.com/pub/savannah/freedoom/freedoom-iwad/freedoom-iwad-0.6.4.zip
unzip freedoom-iwad-0.6.4.zip
cp freedoom*/doom2.wad .
rm freedoom-iwad-0.6.4.zip
  • If you receive this error (I did not) when running for the first time : 
skulltag: error while loading shared libraries: libsnes_spc.so: cannot open shared object file: No such file or directory

then copy libsnes_spc.so from the skulltag directory to /usr/lib/ : 

sudo cp libsnes_spc.so /usr/lib
Sound

Skulltag MIDI sound options can be set to OPL Synth Emulation (recommended), Timidity, or FMOD. (I have never been able to get FMOD to work.) On my (K)Ubuntu system, OPL Synth Emulation is already installed. Select the sound server:

Skulltag -> ESC -> Options -> Sound Options -> MIDI Device -> OPL Synth Emulation
Timidity Sound

If you wish to use the Timidity (MIDI) sound system instead, then prior to starting Skulltag (and selecting the sound options), install: 

sudo apt-get install timidity timidity-interfaces-extra
FMOD Sound
  • FMOD is not installed by default in (K)Ubuntu. If you wish to use FMOD for MIDI, then download the appropriate version for your Linux OS here and install the latest version (example is for a 64-bit OS): 
wget http://www.fmod.org/index.php/release/version/fmodapi44000linux64.tar.gz
tar -xvzf fmodapi44000linux64.tar.gz
sudo cp fmodapi40000linux64/api/lib/libfmodex64-4.40.00.so /usr/lib/libfmodex64-4.40.00.so
sudo ln -s /usr/lib/libfmodex64-4.40.00.so /usr/lib/libfmodex64.so
(Obviously, use the 32-bit version if you have a 32-bit OS.)
  • Set the sound options while running Skulltag to select your sound interface.
  • Alternate instructions: If you receive the error 
skulltag: error while loading shared libraries: libfmodex32-4.24.16.so: cannot open shared object file: No such file or directory
or 
skulltag: error while loading shared libraries: libfmodex64-4.24.16.so: cannot open shared object file: No such file or directory

this means that you need to download and install FMOD manually. From my experience, Skulltag just ignores the .so files provided in the skulltag directory. It's easy to fix.

  • Download one of these:

32 bit linux: http://www.fmod.org/index.php/release/version/fmodapi42416linux.tar.gz

or

64 bit linux: http://www.fmod.org/index.php/release/version/fmodapi42416linux64.tar.gz

  • Extract to a directory somewhere, and in a command-line terminal navigate to that directory (using cd), where there should be a file named "makefile," and "make" the package: 
sudo make install

This installs FMOD to /usr/local/lib.

  • Change to the directory (within the extracted file) /api/lib/
  • Skulltag will only work on ubuntu if libfmodex-4.24.16.so (libfmodex64-4.24.16.so for 64 bit linux) is in /usr/lib/: 
sudo cp /usr/local/lib/libfmodex64-4.24.16.so /usr/lib/
or 
sudo cp /usr/local/lib/libfmodex-4.24.16.so /usr/lib/
  • Then link the specific files to the generic file: 
sudo ln -s /usr/lib/libfmodex64-4.24.16.so /usr/lib/libfmodex64.so
sudo ln -s /usr/local/lib/libfmodex64-4.24.16.so /usr/local/lib/libfmodex64.so
  • If you receive an error about LibSDL, then be sure it is installed: 
    sudo apt-get install libsdl-image1.2
Wad location

Longtime Doom players may already have a collection of wads. If you have all your wads in a single directory (like I do), you must set Doomseeker to look in that directory for wads. For example, my wads are in /home/mainuser/wads, so I set Doomseeker:

Doomseeker -> Options -> Configure -> File paths -> Add -> /home/mainuser/wads -> Ok

I also like any new wads that are downloaded by Doomseeker (Wadseeker) to be stored in the same directory:

Doomseeker -> Options -> Configure -> Wadseeker -> General -> Directory where Wadseeker will place the wads into: -> /home/mainuser/wads -> Ok

I happen to have stored my original doom2.wad, tnt.wad, and plutonia.wad in that directory already. The Freedoom wad could be copied (as doom2.wad) into this directory as well, if one of the original commercial wads are not available.

Firewall and Doomseeker

Doomseeker is the GUI that helps with online play. Skulltag has a centralized master website that keeps track of every hosted Skulltag server online. This master website uses port 15300, so this port must be open for outbound traffic in order to access the list.

I use Firestarter to control my firewall (iptables). To open the outgoing Doomseeker port 15300 in the firewall:

Firestarter -> Policy -> Editing: Outbound traffic policy -> Allow service: right-click -> Add rule -> Allow service: Port: 15300 -> When the source is: Firewall host -> Comment: Doomseeker master server comm port -> Add

When Doomseeker is now started, a list of servers will be displayed. However, the servers may all be using different ports for Skulltag, and the details will not appear. This is where a decision has to be made. If you want to be able to communicate with all the servers listed, you must open up all your outgoing ports, or at least a wide range of ports. If you want to communicate with only a select few servers, you can open only the ports they are using. Although Doomseeker servers generally use ports 10666 - 10800, there are many Skulltag servers that don't use Doomseeker, and they may use ports numbering anywhere from 7000 to 21000.

Opening your firewall is a security risk, of course, and the user must make the decision whether to open a wide range of ports or not. To open all outgoing ports (which is really the only way to easily access all the Skulltag servers) using Firestarter, change the outgoing policy to "permissive":

Firestarter -> Policy -> Editing: Outbound traffic policy -> Permissive by default, blacklist traffic: (ticked)

This is effect opens up your system to all outgoing traffic, which is a security risk, somewhat. (Trojans and backdoor channels, if present on your computer for some reason, will then be free to communicate). Therefore, don't do this on a work computer or on a computer where sensitive data compromise might be a concern.

If you plan to only play on a few select servers (of friends, for example) and you know that their servers are hosted on, say, ports 10666 - 10700, then leave the policy set to "restrictive by default" and just open those ports, :

Firestarter -> Policy -> Editing: Outbound traffic policy -> Restrictive by default, whitelist traffic: (ticked) -> Allow service: right-click -> Add rule -> Allow service: Port: 10666-10700 -> When the source is: Firewall host -> Comment: Skulltag servers -> Add
Hosting a Skulltag server

Installation of Skulltag includes installation of the server module, skulltag-server. Doomseeker provides a GUI interface that starts up skulltag-server, which is very convenient (Doomseeker -> File -> Create server).

  • Using Doomseeker's Create server option, all the settings for your server can be set. The information will be sent to the Skulltag master server (over port 15300) and your server will then be listed there. When you refresh the Doomseeker server list, you should be able to find your server. You can then connect to it yourself and become a player.
  • By default, Doomseeker creates your Skulltag server on port 10666. If you might be creating two servers, the second will be created on port 10667. Therefore, if you are on a LAN, you must forward these ports to your computer's LAN IP address (from your router). You must have access to your router to do this (and each router is different), so consult your router's guide.
You can find out the local LAN IP address of your computer from a command-line interface terminal (such as Terminal in Ubuntu or Konsole) in Kubuntu) using the command: 
ifconfig
Set your router to forward ports 10666-10667 to your computer's local LAN IP address.
  • Of course, your firewall must also allow incoming traffic on these ports. I use Firestarter to control my firewall (iptables). To open the incoming Skulltag server ports in the firewall:
Firestarter -> Policy -> Editing: Inbound traffic policy -> Allow service: right-click -> Add rule -> Allow service: Port: 10666-10667 -> When the source is: Anyone -> Comment: Skulltag servers -> Add
wlan0 vs. eth0

Note: In the newest versions of Skulltag I no longer need to do interface bridging as described below.

When I set up my Skulltag server using version 0.98c, the skulltag-server module often tried to use eth0 (the wired NIC) as the primary communications port, even though I only connected to the LAN/internet over the wireless wlan0 port. This was unpredictable, as sometimes it attempted to use wlan0 and sometimes eth0, even though only wlan0 (the wireless port) was connected (eth0 was not connected, i.e. no wired connection).

The only way I found to work around this behavior was to bridge eth0 to wlan0, so that any traffic to eth0 was then sent over wlan0.

  • To enable bridging, install bridge-utils: 
sudo apt-get install bridge-utils
  • Edit the network interfaces configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu): 
sudo kate /etc/network/interfaces
so that it resembles: 
# The loopback network interface
auto lo
iface lo inet loopback
#
auto wlan0
iface wlan0 inet dhcp
#
bridge_ports wlan0 eth0

Then I restarted the networking (or rebooted): 

sudo /etc/init.d/networking restart

This successfully bridged the eth0 port to the wlan0 port. Now when the Skulltag server started, it thinks it is hosting through the eth0 port but it is now actually hosted through the wlan0 port.

Storing your custom wads online

Ok, you have to be a Doom fanatic to build your own wads. But one of the advantages of Skulltag is that you can host a server using your own wads (for Deathmatch, Cooperative, or other team play). There are a few websites that will store your wads for you, and keep a large variety of wads available to be used for your own server. An easy one to use is FatHax. If you use FatHax (or any other wad site) for your wads, be sure to list it as the "URL" in your server, so that players attempting to play will be directed to that location to download wads.

Doomseeker troubleshooting
  • The current package of Doomseeker (0.8.1) available from the skulltag.net repository works fine for me.
  • These instructions remain for reference only; they should not longer be needed. I was not able to get the Debian/Ubuntu package of Doomseeker 0.7-beta to work properly (even though Doomseeker 0.6 worked fine). (Multiple errors were returned that plugins were "not available" when using the package-installed binary at /usr/bin/doomseeker.)

I therefore installed the newest Subversion package of Doomseeker and compiled it manually instead, using the instructions here. This version of Doomseeker worked for me without problem.

  • Updated specific instructions 3-1-2012:
  • I downloaded the Doomseeker 0.8.1b + Wadseeker 0.7.1 tarball (doomseeker-0.8.1b_src.tar.bz2) from here and unpacked it. 
wget http://doomseeker.drdteam.org/files/doomseeker-0.8.1b_src.tar.bz2
tar -xvjf doomseeker-0.8.1b_src.tar.bz2
This extracted this version to the folder ~/doomseeker-0.8.1b_src. 
sudo apt-get install g++ cmake libqt4-dev mercurial zlib1g-dev libbz2-dev
cd doomseeker-0.8.1b_src
mkdir build
cd build
cmake ..
make
sudo make install
  • It installs to the /usr/local/share/doomseeker folder with the binary at /usr/local/bin/doomseeker so that a menu item must be created with the command: 
/usr/local/bin/doomseeker

ZDoom and GZDoom

Both ZDoom and GZDoom (the OpenGL version of ZDoom) can be downloaded as packages from the Skulltag repository as well. After installing the Skulltag repository: 

sudo apt-get install zdoom doomseeker doomseeker-zdaemon python-zdaemon
or 
sudo apt-get install gzdoom doomseeker doomseeker-zdaemon python-zdaemon
  • Midi sound is most easily enabled using OPL Synth Emulation:
ZDoom -> ESC -> Options -> Sound -> Midi Device: OPL Synth Emulation

MFC-7820N

I have about a dozen of this Brother MFC-7820N multifunction printer/scanner/fax machine on my networks. Other Brother MFC models are similar to set up, so the steps in this article are probably similar to those needed for other models as well. For additional drivers and instructions see the Brother help site.

Printer

  • The BR-Script3 and Foomatic/Postscript PPD files that are supplied automatically do not work well with graphics (the Foomatic/Postscript PPD often doesn't work at all). Printing graphics can take longer than 4 minutes, or can freeze altogether. Install the Brother CUPS drivers instead: 
sudo apt-get install brother-lpr-drivers-laser brother-cups-wrapper-laser

These CUPS driver packages also work for these Brother laser models: DCP-7010 DCP-7020 DCP-7025 DCP-8060 DCP-8065DN FAX-2820 FAX-2920 HL-2030 HL-2040 HL-2070N HL-5240 HL-5250DN HL-5270DN HL-5280DW MFC-7220 MFC-7225N MFC-7420 MFC-7820N MFC-8460N MFC-8660DN MFC-8860DN MFC-8870DW.

  • My printer is on a network (at LAN IP address 192.168.0.125 which is set manually from the printer console). (K)Ubuntu will find the printer on the network automatically (assuming all firewalls are turned off) and install the correct drivers.
Menu -> System -> System Settings -> Printer configuration -> New Printer -> New Network Printer

At this stage my printer was automatically recognized and the device URI filled in for me as 

socket://192.168.0.125:9100

I was able to name the printer and select the printer driver:

->Brother -> MFC-7820N for CUPS

Avoid the "MFC-7820N -> BR-Script3" and the "MFC-7820N -> Foomatic/Postscript" options (see above).

  • In my firewall, I allowed all traffic to/from 192.168.0.125. On networks where I have multiple Brother printers, I opened port 9100 (in and out) for the entire subnet 192.168.0.1/24 (i.e. 192.168.0.1 - 192.168.0.255).

Other models

My 7820N model is installed by (K)Ubuntu automatically, but other models may need the installation of the LPR and cupswrapper drivers individually.

Search the package manager for a package that corresponds to your model first. If none is available, then .deb packages for the drivers for each model can each be downloaded from the Brother website. Then install them (this example uses the MFC-7340 drivers): 

sudo apt-get install ia32-libs
sudo dpkg -i --force-all brmfc7340lpr-2.0.2-1.i386.deb
sudo dpkg -i --force-all cupswrapperMFC7340-2.0.2-1.i386.deb

Scanner

These instructions are for a networked scanner/printer. There are other instructions for a USB-connected scanner/printer.

  • Install pre-requisites (if not already installed): 
sudo apt-get install sane-utils
  • The 7820N uses a brscan2 driver, as listed here. Download the .deb package for the drivers for the printer (use the appropriate 64-bit or 32-bit version -- replace amd64 with i386 if needed) and install them: 
sudo wget -O brscan_driver.deb http://www.brother.com/pub/bsc/linux/dlf/brscan2-0.2.5-1.amd64.deb
sudo dpkg -i brscan_driver.deb

If you would like to use the Scan key on the scanner/printer itself, then also install the scankeytool: 

sudo wget -O brscan_scankeytool.deb http://www.brother.com/pub/bsc/linux/dlf/brscan-skey-0.2.1-3.amd64.deb
sudo dpkg -i brscan_scankeytool.deb
  • Check to see if the driver is installed: 
sudo dpkg -l | grep Brother
  • Add a network scanner entry for your model. (brsaneconfig2 is the command for the brscan2 driver.) 
brsaneconfig2 -a name=SCANNER model=MFC-7820N ip=192.168.0.125
  • Check to see if the network scanner is recognized: 
brsaneconfig2 -q | grep SCANNER
  • Copy brscan2 files from /usr/lib64 to /usr/lib: 
sudo cp /usr/lib64/libbrscandec2.so.1.0.0 /usr/lib
sudo cp /usr/lib64/sane/libsane-brother2.so.1.0.7 /usr/lib/sane
sudo cp /usr/lib64/sane/libsane-brother2.so.1 /usr/lib/sane
sudo cp /usr/lib64/sane/libsane-brother2.so /usr/lib/sane
sudo cp /usr/lib64/libbrcolm2.so.1.0.1 /usr/lib
sudo cp /usr/lib64/libbrcolm2.so /usr/lib
sudo cp /usr/lib64/libbrscandec2.so.1 /usr/lib
sudo cp /usr/lib64/libbrscandec2.so /usr/lib
sudo cp /usr/lib64/libbrcolm2.so.1 /usr/lib

(As of Precise Pangolin 12.04 LTS my scanner is working using these steps.)

  • Edit /lib/udev/rules.d/40-libsane.rules: 
sudo kate /lib/udev/rules.d/40-libsane.rules

and add either (the second one is for the MFC-7820N specifically, which I used, whereas the first one is generic for all Brother scanners): 

# Brother scanners
ATTRS{idVendor}=="04f9", ENV{libsane_matched}="yes"
or 
# Brother 7820N scanner
ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="0181", ENV{libsane_matched}="yes"

then reboot.

  • Install a scanning utility, such as Xsane: 
sudo apt-get install xsane
then start it:
Menu -> Applications -> Graphics -> Xsane Image Scanner

Scan a sample image using the Scan button. If it works then setup is complete.

Scanning utilities

There are many utilities for use with scanning.

Xsane

Xsane is the standard scanning utility for Linux. Install: 

sudo apt-get install xsane

gscan2pdf

Gscan2pdf scans directly to a PDF document. Install: 

sudo apt-get install gscan2pdf

Tesseract

Tesseract is a command-line OCR. Install: 

sudo apt-get install tesseract-ocr

Fax

  • If using a firewall, make sure traffic to the IP address of the scanner/printer (in my example 192.168.0.125) is enabled.

Note: The next several steps may be accomplished in recent versions of (K)Ubuntu using the single step: 

sudo apt-get install brother-lpr-drivers-laser brother-cups-wrapper-laser
  • Install pre-requisites if using a 64-bit OS: 
sudo apt-get install ia32-libs
  • Create spool directory and Cups directory if they do not exist: 
sudo mkdir /var/spool/lpd
sudo mkdir /usr/share/cups/model
  • Download drivers and install them. 
sudo wget -O brfax_lpddriver.deb http://www.brother.com/pub/bsc/linux/dlf/brmfcfaxlpd-1.0.0-1.i386.deb
sudo wget -O brfax_cupsdriver.deb http://www.brother.com/pub/bsc/linux/dlf/brmfcfaxcups-1.0.0-1.i386.deb
sudo dpkg -i --force-all brfax_lpddriver.deb
sudo dpkg -i --force-all brfax_cupsdriver.deb
  • Check to see if the driver is installed: 
sudo dpkg -l | grep Brother
  • Copy the PPD files: 
sudo cp /usr/share/cups/model/brfax_cups.ppd /usr/share/ppd
sudo /etc/init.d/cups restart
  • Secure the brfax CUPS filter file: 
sudo chmod 755 /usr/lib/cups/filter/brfaxfilter
sudo /etc/init.d/cups restart
  • Check the CUPS settings to see if the BRFAX shows up as a listed printer (usually with the Device URI of usb:/dev/usb/lp0). If it does, then you are done. If not, use the next step to complete configuration.
  • Configure the Fax options through a web-browser interface: 
http://localhost:631/printers
-> BRFAX -> Modify Printer -> Other network printers: LPD/LPR Host or Printer (ticked) -> Continue
-> Connection: lpd://192.168.0.125/binary_p1 -> Continue
-> Description: BRFAX -> Location: Home network -> Continue
-> Make: Brother -> Continue -> Model: Current Driver - BRMFCFAX for CUPS -> Modify Printer
  • Send a test fax to make sure the driver is functioning correctly: 
brpcfax -o fax-number=(fax-number) (filename)

(Note: You will need Java installed to use brpcfax. The easiest way to install Java is to install kubuntu-restricted-extras, which also installs other programs, or install openjdk-6-jre alone:) 

sudo apt-get install kubuntu-restricted-extras
or, alternatively 
sudo apt-get install openjdk-6-jre

Sending Faxes

The brpcfax utility only will send files in Postscript (.ps) format. The easiest way to accomplish faxing is to create a Kubuntu menu item (in the Office submenu, for example) entitled Send Fax with the Command: brpcfax sendfax.ps

Any program can then print to a file named sendfax.ps.

Starting the menu item will then invoke the brpcfax utility to send the file.

Associate brpcfax with Postscript files as an output option

This method entails associating Postscript files with the brpcfax utility.

K menu -> System -> System Settings -> Advanced -> File Associations -> Configure file associations

-> application -> postscript -> Application preference order: Add
-> Select the program for the file type: brpcfax -P BRFAX -o PAPER=A4 -> Ok -> Apply

Now any document saved as a Postscript (.ps) file can be faxed from the Dolphin (or Nautilus) file manager. Right-click on the saved Postscript file and use the "Open With -> brpcfax" option.

Sending faxes from Firefox

  • Print as a Postscript file.
  • Using the "Open With -> brpcfax" method as described in the preceding section, fax the saved file from Dolphin (or Nautilus).

Sending faxes from OpenOffice

  • Run spadmin doing from the command-line interface terminal: 
/usr/lib/openoffice/program/spadmin
-> New Printer -> Connect a fax device -> Next -> Use the following driver for this fax connection: A specific driver, to adapt the format to another printer (ticked) ->

->Please select a suitable driver: Generic Printer (ticked) -> Please enter a command line appropriate for this device: 

 /usr/bin/brpcfax -o fax-number=(PHONE)

-> Next -> Please enter a name for the fax connection: Fax printer -> Finish

Troubleshooting

  • ia32-libs allows 32-bit drivers to be used on 64-bit systems. Some printer drivers are only available in 32-bit versions. If so, install ia32-libs first: 
sudo apt-get install ia32-libs

This is useful if your printer only has a 32-bit driver available (designated by i386 in the name. 64-bit drivers are designated with amd64 or x86_64 in the name).

If you don't know whether your system is a 32-bit or 64-bit system: 

uname -a

You should see either i386 or x86_64 somewhere in the result.

Retrieved from "http://ubuntuguide.org/wiki/Ubuntu:Oneiric_for_printing"
Personal tools
DONATE