Ubuntu Trusty User Administration
Tips & Tricks
You can run any application in your path using the Run Command. Use Alt+F2.
Turn off Hot Keys
This is the most evil option on any operating system, in my opinion. A mis-stroke enables any number of random events. Unfortunately, this problem is pervasive in operating systems and is difficult to turn off.
- Menu -> System -> Administration-> Advanced -> Input Actions -> General Settings -> check "Disable KHotKeys daemon"
- Menu -> System -> Administration-> Advanced -> Input Actions -> Gestures Settings -> check "Disable mouse gestures globally"
If you wish to be selective about it (this doesn't often work, however), start by disabling unnecessary desktop hotkeys.
- Menu -> System -> Administration-> Advanced -> Keyboard & Mouse -> Keyboard Shortcuts
Also, you may want to deactivate linking gestures to sticky and slow keys:
- Menu -> System -> Administration -> Accessibility -> Activation Gestures -> uncheck "Use gestures for activating sticky keys and slow keys"
Note: You probably will have to disable hotkeys in many applications, as well.
- Hotkeys from the Synaptics Touchpad can be selectively turned off using this information from the Ubuntu documentation.
Associate default applications
- To assign the default DVD player (make sure you have enabled DVD playback capability first:
- Menu -> System -> Administration-> Advanced -> File Associations -> x-content -> video-dvd -> Applications Preference order -> Add...
- then choose your favourite media player. There are similar options for Blu-Ray (video-bluray) and HD DVD (video-hddvd). Set each individually.
- To assign the default player for playing mpegs (or other video formats):
- Menu -> System -> Administration-> Advanced -> File Associations -> video -> mpeg -> Applications Preference order -> Add...
- then choose your favourite media player. You can do this for a host of video file formats, including .wmv (x-ms-wmv, or Microsoft WMV format), .flv (x-flv, or Flash video), quicktime, and so on.
- To assign .pls audio streams to play through Audacious:
- Menu -> System -> Administration-> Advanced -> File Associations -> audio -> x-scpls -> Applications Preference order -> Move Audacious to the top (or Add... it).
- Make sure *.pls appears in the Filename Patterns section.
Automatic user login
- To accomplish this (yet still require a user password):
- Menu -> System -> System Settings -> Login Manager -> Convenience -> Enable Auto-Login (ticked) -> Lock session (ticked)
- -> Pre-select user: Specified: Choose primary user
- This ought to be combined with a password-protected screensaver.
Autostart a program at bootup
Any program (or script) can be made to Autostart at bootup by creating a symbolic link to that program (or script) in the ~/.config/autostart folder.
For example, to start Firefox at bootup, create a symbolic link:
sudo ln -s /usr/bin/firefox ~/.config/autostart
Choose Bootup/Startup services
Preventing unneeded or unwanted services from loading at startup can improve system performance.
- Install the GTK-based Bootup-Manager:
sudo apt-get install bum
- Run Bootup-Manager:
- Menu -> System -> Bootup-Manager
Run a script from a menu item
It is possible to place a short script in a menu item / shortcut to answer an interactive query (such as a password query). Here is an example that is used to enter a password during an SSH negotiation. First, install the utility expect:
sudo apt-get install expect
The use a command in the Menu Item / Shortcut similar to:
expect -c 'spawn ssh -l sshuser -L 5900:127.0.0.1:5900 remoteserver.remotedomain.org -p 22 ; expect assword ; send "sshpassword\n" ; interact'
In this example the password sshpassword is returned when the ssh program requires a password. Expect waits for some text to be displayed in the command-line terminal then returns text in return. The Menu Item must be "Run in terminal", therefore.
SHC (Encrypt scripts)
sudo add-apt-repository 'http://archive.debian.org/debian etch main'
then install the shc package:
sudo apt-get install shc
Capture a screenshot
See this tutorial.
Customize desktop to look like KDE
In recent versions of Ubuntu, the Gnome desktop can be made to resemble the cleaner KDE desktop with some customization. (Customizations are highly personal, and this section represents preference only.)
Run a KDE 4 desktop from Ubuntu
It is possible to install the KDE4-based desktop (the default in Kubuntu) in Ubuntu.
apt-get install kubuntu-desktop
There is a risk of software bloat and some incompatibilities between modules when doing this. At login, you can choose (as an option) whether to start the KDE (Kubuntu) desktop or the Gnome (Ubuntu) desktop. Nevertheless, when there are two modules trying to perform the same function (one from each desktop), it is possible to have conflicts.
Run a KDE 3 desktop from Ubuntu
You can also install the older KDE 3 desktop on Lucid, or almost any KDE3 application.
- Add the following KDE 3 repositories:
sudo add-apt-repository ppa:kde3-maintainers
- Install KDE 3.5 desktop:
sudo apt-get update sudo apt-get install kubuntu-desktop-kde3
- To install any KDE3 app, append "-kde3" suffix to package name. See Pearson Computing for additional details.
Kill (end) a process
- There are many tricks to try to fix a frozen PC. Press Alt+F2, and use killall to end the frozen application. Example:
sudo killall amarok sudo killall firefox
- In order to terminate a stuck graphical application use the xkill utility. Press Alt+F2, type xkill, and press Run. Point the cursor to the application you want to kill and press the left mouse button. This should kill the selected application.
- Another trick to try is pressing AltGr+SysRq+K (RightAlt+PrintScreen+K). This will log you out. But, what happens if this does not work? Try pressing Ctrl+Alt+F1,login, enter your password and run:
sudo killall gdm sudo startx
View hidden files
In the Nautilus file manager, press:
Mute notifications (alerts)
- Notifications (alerts) can be disabled:
- Menu -> System -> Preferences -> Sound -> Sound Effects -> Sound theme: -> No sounds -> Close
- GNOME notifications (alerts) are associated with sounds by default. This can also be disabled separately:
- Alt-F2 -> gconf-editor -> /apps/indicator-sound -> volume_mute (ticked)
- Turn off login notification sound:
- Menu -> System -> Preferences -> Startup Applications -> Startup Programs -> GNOME Login Sound (unticked) -> Close
- -> Menu -> System -> Administration -> Login Screen -> Unlock -> Play login sound (unticked) -> Close
Use Windows-appearing fonts
Users who switch to Ubuntu from Windows may notice subtle differences between the default fonts in Ubuntu and those in Windows. The Microsoft Core Fonts can be installed as part of the ubuntu-restricted-extras package, or separately:
sudo apt-get install ttf-mscorefonts-installer
Most default fonts in Windows are Times New Roman. You can select the Times New Roman fonts in applications like Firefox to make them appear like Windows. However, the Deja Vu font in Ubuntu mimics the Times New Roman font closely, and has been found to be desirable for most users.
Filenames with spaces
- Filenames or folder names with spaces in them should be enclosed with parentheses (" "). For example, to change to a directory named "This Dir" or "/home/This Dir", use the command:
cd "This Dir"
cd /home/"This Dir"
- Alternatively, a space in a filename or folder name can be preceded with a backslash. For example, to change to a directory named "This Dir" or "/home/This Dir":
cd This\ Dir
cd /home/This\ Dir
Alien is a method for converting (Red Hat) .rpm packages into (Debian) .deb packages. It is not reliable and converted packages must be tested extensively for functionality, with line changes often required. It is often more reliable to create (Debian) .deb packages from source, and even the Alien software maintainers do not recommend using Alien for important packages. To keep alien from changing the version number, use the following command
alien -k rpm_file_name.rpm
Convert the package.rpm into a package.deb
alien -d package-name.rpm
Convert the package.rpm into a package.deb, and install the generated package
alien -i package-name.rpm
To convert .rpm to debian
sudo alien -k *.rpm
Permissions error on program startup
If you get a permissions error, try the following:
sudo chown -R user /home/user
- Note: Replace user with the actual username. This command changes the owner of the folder /home/user to user. -R means "recursively", i.e. including all subfolders.
If you receive the "cdrecord has no permission to open the device" error while burning using a CD burner, open a terminal and type:
sudo chmod 777 /dev/scd0
- Note: replace "/dev/scd0" with your own device.
- Note: chmod 777 is the universal option for granting full permission to a folder. The 777 mask indicates that read, write, and execute permission is given to all users.
Linux is largely a community of volunteers and as such represents one of the largest altruistic efforts on earth. This includes companies who decide to contribute their own software into the public domain for free use. The continued success of sharing depends on licenses that keep software free and usable for anyone who wants to use it. However, there must be a method for Linux users and developers to make money, as well. Licensing helps protect each of these efforts. See the Wikipedia Free Software Licensing article and the GNU operating system licensing page for more complete information.
- Kubuntu Derivatives do not need a license, according to its developer. See this blog article.
The GPLv3 license (and the Affero GPLv3 license for network-based software) intends that the software module or package is free to use in any environment, and furthermore, any software that relies on that GPLv3-licensed module must in turn also be completely free. Commercial and proprietary software packages can't use or incorporate GPLv3-licensed modules.
The Lesser GPL license intends that the software module or package is free to use in any environment, including in commercial and proprietary software packages. This allows companies to develop proprietary packages which includes LGPL-licensed modules, from which they can make a profit. The disadvantage is that their products (which benefit from the LGPL-licensed modules) are not required to be in the public domain in turn. (Many companies often later donate their entire package into the public domain, however, after they no longer make a profit from them.)
The ODbL (Open Database License) is a "share alike" open license intended for databases.
The Apache license has been around a long time. It is compatible with the GPLv3 license, but, unlike the GPLv3 license, it does not require modified software to retain the Apache license. In other words, Apache-licensed software can be modified and the modified software then made proprietary (and therefore not returned to the open source community).
The BSD license is similar to a public domain license. There are currently many confusing iterations of the BSD license, however, mostly regarding attribution notices and advertising that is required to be provided along with any software derivatives. The BSD license allows the option of propagation of either (otherwise-licensed) free open source restrictions or proprietary restrictions. It therefore allows a mix of (otherwise-licensed) proprietary modules and open sourced-licensed modules to co-exist in the same package. This flexibility has made the BSD license popular with complex distributions (such as the (BSD Unix-based) Mac OS X operating system, for example.
Creative Commons licenses
Espoused by many large public-domain projects, there are a variety of Creative Commons copyright licenses for different scenarios. Many variations impose "non-free" limitations and versions prior to version 3 were denounced by several large open-source projects; particular variations of this license must be examined closely.
There is a vast array of proprietary licenses, all different. You never know what your limitations for software are unless you read every word. Most are attempts by lawyers to have an opportunity to create a lawsuit in the future. Some may be called "free" licenses but have many limitations which you will not be aware of until you are in the middle of a lawsuit. No license outside of the GPLv3 license is recommended. Be careful when committing your organization to a mission-critical software package with a proprietary license. Also see this outstanding article on the Open Source Enterprise Trap.= User Administration =
Users and Groups
- Note: The Unity user interface does not currently have a GUI method to modify user and group settings. For an introduction to managing users and groups from the CLI (command-line interface) see the Ubuntu Server Guide and this brief tutorial.
Manage Users and Groups with the Gnome2 GUI
- Gnome2 (the user interface for older versions of Ubuntu) included a GUI for managing users and groups. That Users and Group Management Tool from Gnome2 can be installed as part of Gnome System Tools:
sudo apt-get install gnome-system-tools
You can then launch it from Unity Dash, by pressing ALT+F2, or by creating a menu item with the command:
- Change user and group settings
- Menu -> System -> Administration -> Users and Groups
- Add New Users
- Menu -> System -> Administration -> Users and Groups -> Add
- Remove Users
- Menu -> System -> Administration -> Users and Groups -> user -> Delete
- Modify Users
- Menu -> System -> Administration -> Users and Groups -> user -> Advanced Settings
- Menu -> System -> Administration -> Users and Groups -> user -> Manage Groups
It is quite often necessary to have extra privileges to do certain tasks. These privileges are assigned to your user by belonging to certain groups. The tasks are allowed to be performed by any user belonging to the group associated with that task.
- Example: a "sudoer" is a user who can perform certain administrative tasks, such as updating the system. To become a "sudoer" a user must belong to the "sudo" group.
- Menu -> System -> Administration -> Users and Groups -> user -> Manage Groups --> sudo -> Properties -> Group Members -> user (ticked)
To become an administrator, you must belong to the adm, admin, and sudo groups. To be a virtualbox user, you must belong to the virtualbox group. To change printer settings you must belong to lpadmin. To use the cdrom, you must belong to cdrom. To use hot-pluggable devices, you must belong to plugdev. To share Samba folders (on a Windows-based network), you must belong to sambashare. To access NTFS files using the virtual filesystem fuse, you must belong to the fuse group. To use many games, you must belong to the games group. The list is long, and not always obvious.
Unfortunately, while this is the feature that gives Linux such a high-level of security, it can also take diligence to remember to add your user to certain groups. It is not uncommon for programs and functions on your system not to work merely because you don't have privileges to do so because you forgot to add your user to the appropriate group(s).
Of most importance, you must already be an administrator in order to change membership in groups. Therefore, if you create a new user and intend to give that user administrative privileges (by assigning the user to the administrative groups), you must do so from your original administrator account (the one you set up at installation) or from another administrative user account.
Timekpr (Parental controls)
- If updating, remove any prior versions:
sudo dpkg --purge timekpr
- Add the timekpr third-party repositories:
deb deb http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu oneiric main deb-src deb http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu oneiric main
sudo apt-get install timekpr
- When prompted which default display manager to use, select "kdm"
- K menu -> System -> Timekpr Control Panel
Web content filtering
DansGuardian provides web filtering capability, similar to NetNanny. It is useful for limiting objectionable content in publicly accessible workstations, or for filtering objectionable content for younger users. It integrates with ClamAV, and uses several criteria for filtering websites (which is difficult to modify). It is used with Tinyproxy (best for individual users) or the Squid proxy (best for a network server). Install:
sudo apt-get install dansguardian tinyproxy
sudo apt-get install dansguardian squid
See these installation instructions for setup details. In brief,
- Edit the dansguardian configuration file:
sudo nano /etc/dansguardian/dansguardian.conf
- comment out the UNCONFIGURED line:
- If using tinyproxy instead of Squid, change the proxyport to 8888:
- Reinstall dansguardian:
sudo apt-get install --reinstall dansguardian
- Set your browser to use the localhost:8080 proxy. For example, in Firefox:
- Firefox -> Edit -> Preferences -> Advanced -> Network -> Settings
- Manual proxy configuration -> HTTP proxy: localhost -> Port: 8080
- A Webmin module is available to administer settings. Also, a GUI to change Dansguardian settings called Webstrict is in development.
- A GUI for use with IPCop (based on the webmin module) is also available.
- Cron is a system daemon that runs tasks in the background according to instructions found in a crontab file. To edit the crontab file for the current user:
Tasks that normally require administrative (sudo) privileges should be added to the root user's crontab:
sudo crontab -e
- Scheduled/automated tasks (cron events) can also be edited using the GNOME schedule GUI interface.
- Menu -> System -> Administration -> Task Scheduler
- If the GNOME Schedule task scheduler is not installed, install it:
sudo apt-get install gnome-schedule
Login Menu settings
You can change the Login menu settings from the GUI interface:
- Menu -> System -> Administration -> Login Manager
You can choose an integrated theme or select individual components of the login screen/process.
Automating bootup options
StartupManager is a GUI to manage settings for Grub (Grub Legacy), Grub 2, Usplash, and Splashy.
GRUB boot manager settings
Trusty comes with Grub2, a difficult boot manager to customize. (Grub2 is also known as grub-pc.) See the evolving instructions at the Ubuntu wiki or Ubuntu forums. In brief, some settings can be edited:
sudo nano /etc/default/grub sudo grub-mkconfig --output=/boot/grub/grub.cfg
Alternatively, use the command:
Grub2 background image, colors, fonts
- See this Ubuntu Forums thread.
- Any background image can be used for Grub2 by placing the image in the /boot/grub folder and then reconfiguring Grub2:
The image ought to be the same size as the Grub2 startup resolution specified in /etc/default/grub (e.g. 1024x768).
- A selection of splashimages can be installed into the /usr/share/images/grub folder:
sudo apt-get install grub2-splashimages
- One of the images can be linked to the /boot/grub folder and used as the splash image. For example:
sudo ln -s /usr/share/images/grub/Plasma-lamp.tga /boot/grub sudo update-grub
Change the default menu item
- There are several ways to change the default Grub2 menu item, but only one is reliable. The menu items in Grub2 change name and position in the list with every kernel upgrade. However, if you choose the default menu item by name, you can reliably set it as the default. For example, if you wish to boot a Windows OS as the default and the Grub 2 menu lists it as Microsoft Windows 98SE Ancient Edition (on /dev/sda1) then edit /etc/default/grub:
sudo kate /etc/default/grub
and change the entry to resemble:
GRUB_DEFAULT="Microsoft Windows 98SE Ancient Edition (on /dev/sda1)"
then regenerate the Grub2 config file:
To find out the names of the menu items, use:
sudo grep menuentry /boot/grub/grub.cfg
- Note: There is a bug in Grub2 v.1.99 such that if the GRUB_DEFAULT option is used, the Grub2 menu can not be entered (for manually selecting a menu item). If the default option is a non-Linux OS, there will then be no way start a Linux OS (and therefore no way to subsequently change the /etc/default/grub configuration file). Use this option with great care.
Protecting Grub2 from cracking
- See this section of the Grub Manual for important information on securing Grub2.
- To add password protection, in the /etc/grub.d/40_custom configuration file, add the lines:
set superusers="user1" #password_pbkdf2 user1 grub.pbkdf2.sha512.10000.biglongstring password user1 insecurecleartextpassword
and change your password to something other than insecurecleartextpassword, or use the pbkdf2-encrypted method described here. You can then password-lock menu items as well. For detailed info see this blog.
The older version of GRUB ("Grub Legacy") is available, for use with a boot partition, for example. Install:
sudo apt-get install grub
- If you have multiple operating systems (OS) on your computer, you may be using the GRUB Legacy boot manager (in a boot partition, for example). You can edit the options for GRUB Legacy in the menu.lst configuration file. (See this detailed info.)
sudo nano /boot/grub/menu.lst
- (gedit can also be used instead of nano as the text editor.)
Chainloading Grub2 from Grub Legacy
- To chainload Grub2 (installed in this example with the OS in the /dev/sda7 partition) from Grub Legacy (stored in a boot partition, for example), use an entry of this format in the Grub Legacy /boot/grub/menu.lst configuration file:
title (K)Ubuntu Trusty OS (chainloader) rootnoverify (hd0,6) chainloader +1
- Grub2 is erratic, however. In many situations I don't bother to chainload it at all. Instead, it is possible to bypass Grub2 entirely and load the OS directly using Grub Legacy (stored in a boot partition, for example) using an entry in /boot/grub/menu.lst of the format:
title (K)Ubuntu Oneiric OS (chainloader) rootnoverify (hd0,6) kernel /vmlinuz root=/dev/sda7 ro initrd /initrd.img
- My old method for chainloading Grub2 (installed in this example in the /dev/sda7 partition) from Grub Legacy used an entry in the Grub Legacy configuration file (/boot/grub/menu.lst) with this format:
title (K)Ubuntu Maverick OS (chainloader) rootnoverify (hd0,6) kernel /boot/grub/core.img
- This method, however, requires a current core.img to have been created with grub-mkimg (part of the grub-install process). When there are substantial changes to the partition or the kernel, the core.img must be re-created by re-installing Grub2 into the OS partition (in this example /dev/sda7 corresponds to (hd0,6) ):
sudo grub-install /dev/sda7
Protecting Grub Legacy from cracking
- See this section of the Grub Manual for important information on securing Grub Legacy.
- To add password protection, in the /boot/grub/menu.lst configuration file, uncomment (remove the hashmark) from the line:
and change your password to something other than topsecret, or use the md5-encrypted method described here. You can then password-lock menu items by adding the descriptor lock below the title of any item menu.
In previous version of ubuntu, you could choose which program to use as your default program for a specific task.
- Menu -> System -> Administration -> Default Applications
or by right-clicking on any file and choosing the "Open with Other Application..." option.
The Default Applications menu has now been removed from Ubuntu, however. For a GUI that will allow this and multiple similar Ubuntu system tweaks, install Ubuntu Tweak:
wget http://launchpad.net/ubuntu-tweak/0.5.x/0.5.8/+download/ubuntu-tweak_0.5.8-1_all.deb sudo dpkg -i ubuntu-tweak_0.5.8-1_all.deb
Kill a process
Sometimes a program (or "process") just freezes. To "kill" (or end) the program/process:
- Menu -> System -> Administration -> System Monitor -> highlight the errant process -> Kill process
From the command line:
sudo killall process
- where process is the name of the frozen program, such as firefox.
Enabling NUM LOCK On Startup
- Menu -> System -> Administration -> Keyboard & Mouse -> Keyboard ->"turn on Numlock on Startup"
Working with Menus
Create an encrypted folder
You can create a folder whose contents are encrypted. See these instructions.
Create a symlink from a file to another location
A symbolic link (also known as a symlink) is a method in Linux of referring to a file (or directory) in one location from another location. Usage:
ln -s /path/to/source /path/to/destination
If /path/to/destination requires superuser rights, then use:
sudo ln -s /path/to/source /path/to/destination
This is similar to, but more powerful than, creating Shortcuts, with which former Windows users may be familiar.
Assign a root password
To be able to log in as root directly, you must assign a root password. This can be done with:
sudo passwd root
Afterwards, you can use
to get a root prompt. You would then use the root password.
Get a root prompt without using a root password
If you have not set a root password (or don't know it), you can obtain root user privileges anyway. From the command-line Terminal:
You will use your own user password instead of a root password.
You could also get a prompt to become any other user on the computer by typing:
sudo su <username>
Use the File Manager as root
Manually Mount and Unmount a device
To manually mount a device:
replace /dev/hda with the location of the device.
To manually unmount a device:
replace /dev/hda with the location of the device.
Mounting NTFS Partitions (with read/write privileges)
Find out the name of your ntfs partition:
sudo fdisk -l
Method 1: In this example, the NTFS drive is listed by fdisk as /dev/sda2, but yours may differ.
Make a mount point for the drive:
sudo mkdir /media/WindowsNTFS
sudo nano /etc/fstab
Comment out the automatically added lines by Ubuntu installation:
#/dev/sda2 auto nouser,atime,noauto,rw,nodev,noexec,nosuid 0 0 #/dev/sda2 /mnt auto user,atime,noauto,rw,nodev,noexec,nosuid 0 0
and instead add the line:
/dev/sda2 /media/WindowsNTFS ntfs-3g quiet,defaults,rw 0 0
In this example, I indicated that the file system was an ntfs-3g filesystem, so did not use the auto option (which detects the filesystem automatically). I used rw to specify read/write privileges for all users, but umask=0 and umask=000 are accepted by some kernels.
Method 2: Edit fstab:
sudo nano /etc/fstab
When Ubuntu installation finishes, it mounts all ntfs partitions automatically with ntfsprogs, adding a line similar to the following to fstab:
UUID=8466268666267956 /media/sda1 ntfs defaults,gid=46 0 1
Change this line to:
UUID=8466268666267956 /media/sda1 ntfs-3g defaults,nls=utf8,locale=zh_CN.UTF-8,rw,gid=46 0 1
In this example, I have a Chinese-language Windows installation on my first partition, so I set the locale parameter (locale=zh_CN.UTF-8) so that my Chinese documents can display correctly. Setting rw (same as umask=0 or umask=000) lets me read/write the partition without sudo. gid=46 specifies that the drive will belong to the group of hot-pluggable devices (plugdev) and is not necessary unless your ntfs drive is a hot-pluggable one (such as an external USB drive). nls=utf8 is the default and is optional for most ntfs users, but there are other options for Chinese (and other specialized character-set users).
Mounting FAT32 Partitions
Follow the above instructions, but use vfat instead of ntfs-3g.
In other words, if you have made a mount point directory /mnt/WindowsFAT32 and your FAT32 drive is /dev/sda3, then edit the /etc/fstab file to include the line:
/dev/sda3 /mnt/WindowsFAT32 vfat quiet,defaults,rw 0 0
Synchronize clock to network time server
The Network Time Protocol (NTP) allows time synchronization of your computer to time servers on the Internet.To enable it:
- Applications menu -> System Settings -> Date & Time
- Check the "Set date and time automatically" option
- Choose an ntp time server near you.