Ubuntu Precise User Administration

From

Revision as of 13:21, 2 November 2013 by Perspectoff (Talk | contribs)
(diff) ← Older revision | Current revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Ubuntu Precise User Administration
Full page | eBook Version

Contents

User Administration

Users and Groups

  • Note: The Unity user interface does not currently have a GUI method to modify user and group settings. For an introduction to managing users and groups from the CLI (command-line interface) see the Ubuntu Server Guide and this brief tutorial.

Manage Users and Groups with the Gnome2 GUI

  • Gnome2 (the user interface for older versions of Ubuntu) included a GUI for managing users and groups. That Users and Group Management Tool from Gnome2 can be installed as part of Gnome System Tools:
sudo apt-get install gnome-system-tools

You can then launch it from Unity Dash, by pressing ALT+F2, or by creating a menu item with the command:

users-admin 
  • Change user and group settings
Menu -> System -> Administration -> Users and Groups
  • Add New Users
Menu -> System -> Administration -> Users and Groups -> Add
  • Remove Users
Menu -> System -> Administration -> Users and Groups -> user -> Delete
  • Modify Users
Menu -> System -> Administration -> Users and Groups -> user -> Advanced Settings
or
Menu -> System -> Administration -> Users and Groups -> user -> Manage Groups

It is quite often necessary to have extra privileges to do certain tasks. These privileges are assigned to your user by belonging to certain groups. The tasks are allowed to be performed by any user belonging to the group associated with that task.

Example: a "sudoer" is a user who can perform certain administrative tasks, such as updating the system. To become a "sudoer" a user must belong to the "sudo" group.
Menu -> System -> Administration -> Users and Groups -> user -> Manage Groups --> sudo -> Properties -> Group Members -> user (ticked)

To become an administrator, you must belong to the adm, admin, and sudo groups. To be a virtualbox user, you must belong to the virtualbox group. To change printer settings you must belong to lpadmin. To use the cdrom, you must belong to cdrom. To use hot-pluggable devices, you must belong to plugdev. To share Samba folders (on a Windows-based network), you must belong to sambashare. To access NTFS files using the virtual filesystem fuse, you must belong to the fuse group. To use many games, you must belong to the games group. The list is long, and not always obvious.

Unfortunately, while this is the feature that gives Linux such a high-level of security, it can also take diligence to remember to add your user to certain groups. It is not uncommon for programs and functions on your system not to work merely because you don't have privileges to do so because you forgot to add your user to the appropriate group(s).

Of most importance, you must already be an administrator in order to change membership in groups. Therefore, if you create a new user and intend to give that user administrative privileges (by assigning the user to the administrative groups), you must do so from your original administrator account (the one you set up at installation) or from another administrative user account.

Timekpr (Parental controls)

Timekpr is a program to track and control the computer usage of user accounts. It is available from a Launchpad PPA.

  • If updating, remove any prior versions:
sudo dpkg --purge timekpr
deb deb http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu oneiric main
deb-src deb http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu oneiric main
  • Install:
sudo apt-get install timekpr
When prompted which default display manager to use, select "kdm"
  • Start:
K menu -> System -> Timekpr Control Panel

Web content filtering

DansGuardian provides web filtering capability, similar to NetNanny. It is useful for limiting objectionable content in publicly accessible workstations, or for filtering objectionable content for younger users. It integrates with ClamAV, and uses several criteria for filtering websites (which is difficult to modify). It is used with Tinyproxy (best for individual users) or the Squid proxy (best for a network server). Install:

sudo apt-get install dansguardian tinyproxy
or
sudo apt-get install dansguardian squid

See these installation instructions for setup details. In brief,

  • Edit the dansguardian configuration file:
sudo nano /etc/dansguardian/dansguardian.conf
comment out the UNCONFIGURED line:
#UNCONFIGURED
If using tinyproxy instead of Squid, change the proxyport to 8888:
proxyport 8888
  • Reinstall dansguardian:
sudo apt-get install --reinstall dansguardian
  • Set your browser to use the localhost:8080 proxy. For example, in Firefox:
  • Firefox -> Edit -> Preferences -> Advanced -> Network -> Settings
  • Manual proxy configuration -> HTTP proxy: localhost -> Port: 8080

System Administration

Automating Tasks

  • Cron is a system daemon that runs tasks in the background according to instructions found in a crontab file. To edit the crontab file for the current user:
crontab -e

Tasks that normally require administrative (sudo) privileges should be added to the root user's crontab:

sudo crontab -e

Add commands using the format specified here (or see the Ubuntu Community Help). The crontab command format can also be found using:

man crontab
  • Scheduled/automated tasks (cron events) can also be edited using the GNOME schedule GUI interface.
Menu -> System -> Administration -> Task Scheduler
  • If the GNOME Schedule task scheduler is not installed, install it:
sudo apt-get install gnome-schedule

Boot Menu

Login Menu settings

You can change the Login menu settings from the GUI interface:

Menu -> System -> Administration -> Login Manager

You can choose an integrated theme or select individual components of the login screen/process.

Automating bootup options

StartupManager is a GUI to manage settings for Grub (Grub Legacy), Grub 2, Usplash, and Splashy.

GRUB boot manager settings

Grub2

Precise comes with Grub2, a difficult boot manager to customize. (Grub2 is also known as grub-pc.) See the evolving instructions at the Ubuntu wiki or Ubuntu forums. In brief, some settings can be edited:

sudo nano /etc/default/grub
sudo grub-mkconfig --output=/boot/grub/grub.cfg

Alternatively, use the command:

sudo update-grub
Grub2 background image, colors, fonts
  • See this Ubuntu Forums thread.
  • Any background image can be used for Grub2 by placing the image in the /boot/grub folder and then reconfiguring Grub2:
sudo update-grub

The image ought to be the same size as the Grub2 startup resolution specified in /etc/default/grub (e.g. 1024x768).

  • A selection of splashimages can be installed into the /usr/share/images/grub folder:
sudo apt-get install grub2-splashimages
  • One of the images can be linked to the /boot/grub folder and used as the splash image. For example:
sudo ln -s /usr/share/images/grub/Plasma-lamp.tga /boot/grub
sudo update-grub
Change the default menu item
  • There are several ways to change the default Grub2 menu item, but only one is reliable. The menu items in Grub2 change name and position in the list with every kernel upgrade. However, if you choose the default menu item by name, you can reliably set it as the default. For example, if you wish to boot a Windows OS as the default and the Grub 2 menu lists it as Microsoft Windows 98SE Ancient Edition (on /dev/sda1) then edit /etc/default/grub:
sudo kate /etc/default/grub

and change the entry to resemble:

GRUB_DEFAULT="Microsoft Windows 98SE Ancient Edition (on /dev/sda1)"

then regenerate the Grub2 config file:

sudo update-grub

To find out the names of the menu items, use:

sudo grep menuentry /boot/grub/grub.cfg
  • Note: There is a bug in Grub2 v.1.99 such that if the GRUB_DEFAULT option is used, the Grub2 menu can not be entered (for manually selecting a menu item). If the default option is a non-Linux OS, there will then be no way start a Linux OS (and therefore no way to subsequently change the /etc/default/grub configuration file). Use this option with great care.
Protecting Grub2 from cracking
  • To add password protection, in the /etc/grub.d/40_custom configuration file, add the lines:
set superusers="user1"
#password_pbkdf2 user1 grub.pbkdf2.sha512.10000.biglongstring
password user1 insecurecleartextpassword

and change your password to something other than insecurecleartextpassword, or use the pbkdf2-encrypted method described here. You can then password-lock menu items as well. For detailed info see this blog.

GRUB Legacy

The older version of GRUB ("Grub Legacy") is available, for use with a boot partition, for example. Install:

sudo apt-get install grub
  • If you have multiple operating systems (OS) on your computer, you may be using the GRUB Legacy boot manager (in a boot partition, for example). You can edit the options for GRUB Legacy in the menu.lst configuration file. (See this detailed info.)
sudo nano /boot/grub/menu.lst
(gedit can also be used instead of nano as the text editor.)
Chainloading Grub2 from Grub Legacy
  • To chainload Grub2 (installed in this example with the OS in the /dev/sda7 partition) from Grub Legacy (stored in a boot partition, for example), use an entry of this format in the Grub Legacy /boot/grub/menu.lst configuration file:
title		(K)Ubuntu Precise OS (chainloader)
rootnoverify	(hd0,6)
chainloader	+1
  • Grub2 is erratic, however. In many situations I don't bother to chainload it at all. Instead, it is possible to bypass Grub2 entirely and load the OS directly using Grub Legacy (stored in a boot partition, for example) using an entry in /boot/grub/menu.lst of the format:
title		 (K)Ubuntu Oneiric OS (chainloader)
rootnoverify	 (hd0,6)
kernel	 	 /vmlinuz root=/dev/sda7 ro
initrd	 	 /initrd.img
  • My old method for chainloading Grub2 (installed in this example in the /dev/sda7 partition) from Grub Legacy used an entry in the Grub Legacy configuration file (/boot/grub/menu.lst) with this format:
title		 (K)Ubuntu Maverick OS (chainloader)
rootnoverify	 (hd0,6)
kernel	 	 /boot/grub/core.img
This method, however, requires a current core.img to have been created with grub-mkimg (part of the grub-install process). When there are substantial changes to the partition or the kernel, the core.img must be re-created by re-installing Grub2 into the OS partition (in this example /dev/sda7 corresponds to (hd0,6) ):
sudo grub-install /dev/sda7
Protecting Grub Legacy from cracking
  • To add password protection, in the /boot/grub/menu.lst configuration file, uncomment (remove the hashmark) from the line:
#password topsecret

and change your password to something other than topsecret, or use the md5-encrypted method described here. You can then password-lock menu items by adding the descriptor lock below the title of any item menu.

Default Applications

In previous version of ubuntu, you could choose which program to use as your default program for a specific task.

Menu -> System -> Administration -> Default Applications

or by right-clicking on any file and choosing the "Open with Other Application..." option.

The Default Applications menu has now been removed from Ubuntu, however. For a GUI that will allow this and multiple similar Ubuntu system tweaks, install Ubuntu Tweak:

wget http://launchpad.net/ubuntu-tweak/0.5.x/0.5.8/+download/ubuntu-tweak_0.5.8-1_all.deb
sudo dpkg -i ubuntu-tweak_0.5.8-1_all.deb

Kill a process

Sometimes a program (or "process") just freezes. To "kill" (or end) the program/process:

Menu -> System -> Administration -> System Monitor -> highlight the errant process -> Kill process

From the command line:

sudo killall process
where process is the name of the frozen program, such as firefox.

Enabling NUM LOCK On Startup

Menu -> System -> Administration -> Keyboard & Mouse -> Keyboard ->"turn on Numlock on Startup"

Working with Menus

Create an encrypted folder

You can create a folder whose contents are encrypted. See these instructions.

Create a symlink from a file to another location

A symbolic link (also known as a symlink) is a method in Linux of referring to a file (or directory) in one location from another location. Usage:

ln -s /path/to/source /path/to/destination

If /path/to/destination requires superuser rights, then use:

sudo ln -s /path/to/source /path/to/destination

This is similar to, but more powerful than, creating Shortcuts, with which former Windows users may be familiar.

Assign a root password

To be able to log in as root directly, you must assign a root password. This can be done with:

sudo passwd root

Afterwards, you can use

su

to get a root prompt. You would then use the root password.

Get a root prompt without using a root password

If you have not set a root password (or don't know it), you can obtain root user privileges anyway. From the command-line Terminal:

sudo -s
or
sudo su
or
sudo bash

You will use your own user password instead of a root password.

You could also get a prompt to become any other user on the computer by typing:

sudo su <username>

Use the File Manager as root

sudo nautilus
or
gksudo nautilus

Manually Mount and Unmount a device

To manually mount a device:

mount /dev/hda

replace /dev/hda with the location of the device.

To manually unmount a device:

umount /dev/hda

replace /dev/hda with the location of the device.

Windows Compatibility

Mounting NTFS Partitions (with read/write privileges)

Find out the name of your ntfs partition:

sudo fdisk -l

Method 1: In this example, the NTFS drive is listed by fdisk as /dev/sda2, but yours may differ.

Make a mount point for the drive:

sudo mkdir /media/WindowsNTFS

Edit fstab:

sudo nano /etc/fstab

Comment out the automatically added lines by Ubuntu installation:

#/dev/sda2  auto nouser,atime,noauto,rw,nodev,noexec,nosuid 0 0
#/dev/sda2 /mnt auto user,atime,noauto,rw,nodev,noexec,nosuid 0 0

and instead add the line:

/dev/sda2 /media/WindowsNTFS ntfs-3g quiet,defaults,rw 0 0

Note: There are many ways to mount the drive, depending on your needs. The fstab file controls this process. See How to edit and understand fstab and Intro to using fstab.

In this example, I indicated that the file system was an ntfs-3g filesystem, so did not use the auto option (which detects the filesystem automatically). I used rw to specify read/write privileges for all users, but umask=0 and umask=000 are accepted by some kernels.


Method 2: Edit fstab:

sudo nano /etc/fstab

When Ubuntu installation finishes, it mounts all ntfs partitions automatically with ntfsprogs, adding a line similar to the following to fstab:

UUID=8466268666267956 /media/sda1     ntfs    defaults,gid=46 0       1

Change this line to:

UUID=8466268666267956 /media/sda1     ntfs-3g    defaults,nls=utf8,locale=zh_CN.UTF-8,rw,gid=46 0       1

In this example, I have a Chinese-language Windows installation on my first partition, so I set the locale parameter (locale=zh_CN.UTF-8) so that my Chinese documents can display correctly. Setting rw (same as umask=0 or umask=000) lets me read/write the partition without sudo. gid=46 specifies that the drive will belong to the group of hot-pluggable devices (plugdev) and is not necessary unless your ntfs drive is a hot-pluggable one (such as an external USB drive). nls=utf8 is the default and is optional for most ntfs users, but there are other options for Chinese (and other specialized character-set users).

Mounting FAT32 Partitions

Follow the above instructions, but use vfat instead of ntfs-3g.

In other words, if you have made a mount point directory /mnt/WindowsFAT32 and your FAT32 drive is /dev/sda3, then edit the /etc/fstab file to include the line:

/dev/sda3 /mnt/WindowsFAT32 vfat quiet,defaults,rw 0 0

Synchronize clock to network time server

The Network Time Protocol (NTP) allows time synchronization of your computer to time servers on the Internet.To enable it:

  • Applications menu -> System Settings -> Date & Time
  • Check the "Set date and time automatically" option
  • Choose an ntp time server near you.
Personal tools
Sponsor
   CuBox