Nxl67170 - Ubuntu

Introduction

This is the configuration page for the Ubuntu Precise 12.04 partition on NXL67170.

Configuration Files

All configuration files can be found here.

Repositories

To be completed.

Installed Applications

Common applications
See Common configuration for Linux.

sudo aa-complain cupsd

ln -s /usr/share/doc/stl-manual/html /var/www/sgi

sudo apt-get install zlib1g-dev libcurl4-openssl-dev expat asciidoc     # More packages might be needed
git clone git://github.com/gitster/git.git          # Use proxygit if behind a proxy
cd git
make configure                                      # See also INSTALL
./configure --prefix=/usr/local                     # In // of existing package installation. /usr/local has precedence
make all doc
sudo make install install-doc install-html

sudo ln -s /usr/bin/ack-grep /usr/local/bin/ack

[Added Associations]
application/pdf=acroread.desktop;evince.desktop;gimp.desktop

application/pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-bzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.bz2
application/x-gzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.gz

Un-installed applications (by uninstall date):

Simple Settings

• SUDO - keep environment variable http_proxy, https_proxy (to keep proxy settings for apt-get etc)
• SUDO - keep environment variable GREP_OPTIONS (keep grep options)
• SUDO - keep environment variable DISPLAY, XAUTHORITY (avoid doing xhost local:root before launching X pgm)
• SUDO - keep environment variable HOME (e.g. to keep git aliases and settings when using etckeeper)

Defaults        env_reset, env_keep="http_proxy https_proxy GREP_OPTIONS DISPLAY XAUTHORITY HOME"

• SUDO - Allow truecrypt and rfkill w/o password:

ALL     ALL=NOPASSWD: /usr/bin/truecrypt
ALL     ALL=NOPASSWD: /sbin/rfkill

• CRON - cron script for automatic backup of wikis on Noekeon's (see config files).
• PROXY - script for automatic setup of network environment (proxy, ssh...) (see config files).
• Security — Disabled control-alt-del in console as recommended in Ubuntu Server Guide. Comment out the following line in the file /etc/init/control-alt-delete.conf:

#exec shutdown -r now "Control-Alt-Delete pressed"

• Add user www for synchronization of /data/www folder (localhost page):

sudo useradd -g www-data -G users -u 999 -s /bin/bash -m www
sudo passwd www
su - www
ssh-keygen                                         # Or copy .ssh/ copy from other www users
scp .ssh/id_rsa.pub .ssh/authorized_keys

Detailed System Settings

1st install

• 2nd install on [2013-02-20]
• Distribution: Ubuntu 12.04 amd64
• Installation method: Net boot install from Internet using GRUB
• Language: English
• Location: Europe, Belgium Time
• Computer name: nxl67170ux
• Keyboard layout: BE
• Name: beq06659
• Login name: beq06659
• Update: No automatic update
• Software to install: Ubuntu Desktop
• Partition: see main page

Kernel

• Initial kernel: Precise Pangolin 3.2.0-38-generic (see Ubuntu page).

File System

• For details, see /etc/fstab.
• NTFS partition:
  • C: → do not mount automatically. Risk of corruption if mounted while VirtualBox is running!
  • D: → mount as /win/d.
• NTFS partition must be mounted without umask=007,gid=46, or will get operation not permitted when modifying timestamps:

/dev/sda2               /win/c          ntfs        ro,users,nls=utf8,exec   0       2
/dev/sda7               /win/d          ntfs        users,nls=utf8,exec      0       2

• File system structure:

/:                                        
  drwxr-xr-x root      root      boot/       # /dev/sda3
  drwxr-xr-x root      root      data/       # /dev/sda8
  drwxr-xr-x root      root      net/
  lrwxrwxrwx root      root      sage -> /data/sage-4.2.1/
  drwxr-xr-x root      root      smb/
  drwxr-xr-x root      root      win/
/data:
  drwxr-xr-x root      root      home/
  drwxr-xr-x beq06659  beq06659  sage-4.2.1/
  drwxr-xr-x www-data  root      www/
/home/beq06659:
  lrwxrwxrwx beq06659  beq06659  Documents -> /windows/d/Profiles/beq06659/My Documents/
/net:
  # NFS autofs
/smb:
  drwxr-xr-x root      root      mnemosyne/   # SMB autofs
/var:
  lrwxrwxrwx root      root      www -> /data/www/
/win:
  drwxr-xr-x root      root      c/           # /dev/sda2
  lrwxrwxrwx root      root      d/           # /dev/sda7

• Configure acl on /data/d:

# VirtualBox uses /data/d as Windows D: drive. Since VirtualBox runs as 'root', all files gets root/root ownership.
# We use acl so that files gets group access beqO6659/rwx by default
cd /data
sudo chgrp -R beq06659 d
sudo chmod -R g+w d
find d -type d -print0|sudo xargs -0 chmod g+s
find d -type d -print0|sudo xargs -0 setfacl -m d:group:beq06659:rwx

• Configure acl on /data/www:

# Set default access condition to rwxr-xr-x / www / www-data
cd /data
sudo chgrp -R www-data www
find d -type www -print0|sudo xargs -0 chmod g+s
find d -type www -print0|sudo xargs -0 setfacl -m d:group:www-data:r-x
find d -type www print0|sudo xargs -0 setfacl -m d:user:www:r-x           # TODO: this one does not work with root...

Network

• Edited /etc/hosts (added names for intranet)
• Added to /etc/apt/apt.conf:

Acquire::http::proxy "http://localhost:8118/";
Acquire::ftp::proxy "ftp://localhost:8118/";
Acquire::https::proxy "https://localhost:8118/";

• Added to /etc/environment:

http_proxy="http://localhost:8118/"
ftp_proxy="ftp://localhost:8118/"
https_proxy="https://localhost:8118/"

• .pac files:
  • privoxy: file:///home/beq06659/etc/proxylocal-privoxy.pac (or http://localhost/proxy.pac to circumvent Opera bug)
  • nxp: http://nww.nics.nxp.com:8080/proxy.pac
• /etc/sudoers — keep variables http_proxy and https_proxy
• Proxy configurations

• SAMBA/NFS CLIENT - Mount mnemosyne shares as NFS autofs (see [3]) and as SMB autofs
• Enabled/created the following automounters in /etc/auto.master:

/net           /etc/auto.net
/smb/mnemosyne /etc/auto.smb.mnemosyne

• Created configuration file /etc/auto.smb.mnemosyne (mount options: noperm,iocharset=utf8,credentials=/etc/auto.smb.mnemosyne.*)
• Created SMB credential files /etc/auto.smb.mnemosyne.* (see man mount.cifs)
• Created path for mount points:

sudo mkdir /net
sudo mkdir -p /smb/mnemosyne
#ls /net/mnemosyne
#sudo mkdir -p /mnt/mnemosyne
#for i in /net/mnemosyne/volume1/*; do sudo ln -s $i /mnt/mnemosyne/$(basename $i); done

• NXP Wired (see Linux Admin#Network Manager - Search Path)
• Added local domain name be-leu01.nxp.com to /etc/resolv.conf
• NXP Wireless (see Linux Admin#Wireless Network)
• Network name (SSID): WLAN-WBI
• Wireless security: Dynamic WEP (802.1x)
• Authentication: TLS
• Identity: michael.peeters@nxp.com
• User certificate / CA certificate / Private key: imported from Windows (NXP Enterprise CA 1 for Client Authentication, Secure Email, serial 2F DF 1F D4 00 00 00 00 5E 1C)
• Privoxy settings:
  • Added to /etc/privoxy/user.action:

  { -filter }
  tennislibre.com
  

Firewall

• Moved user rules to /etc/ufw so that they can be tracked by etckeeper

cd /lib/ufw
sudo mv user* /etc/ufw
sudo ln -s /etc/ufw/user.rules
sudo ln -s /etc/ufw/user6.rules

• Enabled ufw

sudo ufw enable

• Policy:

sudo ufw allow from 192.168.11.2                   # Enable full access from local virtualbox
sudo ufw allow from 172.19.0.0/16 to any port 22   # Enable - from home local network - SSH

Preferences

• Theme
The mighty Macbuntu 10.04 theme! Reverted changes:
• Fonts — see below.
• Terminal — Colors select Use colors from system theme (was set to Gray on black built-in schemes). Keep transparent background 95%.
• Panel — add back System Monitor. We don't add back the bottom task panel.
• In Configuration Editor, /apps/metacity/general/button_layout: menu:minimize,maximize,close
• Appearance
• (before Macbuntu) Fonts — Application → Tahoma 9; Document→ Sans 8; Desktop → Sans 8; Title → Sans Bold 9; Fixed width → Monospace 8
• (after Macbuntu) Fonts — Application → Lucida Grande 9; Document→ Lucida Grande 9; Desktop → Lucida Grande 9; Title → Lucida Grande 10; Fixed width → Lucida Console 9 (originally Lucida Console 10)
• Fonts — rename ~/.fonts.conf to ~/.fonts.conf.macbuntu to disable macbuntu hinting settings override.
• Appearance
• Isabelle Hires Noir&Blanc crop-despeckle 936x1200.png, in ~/etc.
• Keyboard Layout (System-Wide)
• Layout: Belgium (default) + USA, no separate layout
  Custlayout Belgium (file /usr/share/X11/xkb/symbols/be) to allow AltGr-; → '<' and AltGr-: → '>', and support Greek letters with AltGr-Shift.
• Options: Capslock affects all keys, Alt+CapsLock or Right Ctrl+Right Shift switch layout, right alt chooses 3rd level.
  (because Alt+Shift,Left Ctrl+Left Shift prevents ctrl-alt-shift shortcuts to work, Right Ctrl conflicts with VirtualBox)
• Keyboard Shortcuts

Shortcut	Action	Remark
Super-E	Home Folder	Hack Super is mapped to Win keys not needed anymore it seems

• Window List Panel (see here)
• Window List Content → Show windows from all workspaces
• Restoring Minimized Windows → Restore to native workspace
• Fonts
• System fonts (/usr/local/share/fonts):

Added BitStream Vera 1.10

Added jsMath fonts (Linux variant, darkness 20 file, see here)

Added all jsMath extra fonts (dark version from this page)

• User fonts (~/.fonts):

Added Tahoma

• Compiz
• General Option - Move Window: SuButton2
  because AButton3 is used in OpenOffice to move columns / rows
• Static Application Switcher: Use AAlt for Next Window (current workspace)
• Scale: Multi-Output Mode → On all output devices, darken background, Emblem for overlay icon
• Ring Switcher: Enabled + Use SuTab for Next Windows (All Workspaces) + Allow Mouse Selection
• Enhanced Zoom Desktop: Disabled
• Negative: Disabled
• Desktop Wall: enabled Edge Flip Move.
• Put : disabled Put Pointer, enabled Put To Next Output (Superz) selected Avoid Offscreen.

Frequently used Compiz shortcuts (bold are custom ones)

Shortcut	Action	Remark
SASpace SuButton3	General Options - Window Menu
CALeft CARight	Desktop Wall - Move
SCALeft SCARight	Desktop Wall - Move with window
SSue	Expo Key
AF7	Move Window
Suz	Windows Put To Next Output
AF8 SuButton2	Resize Window
SuTab SSuTab	Ring Switcher	(All Workspaces)
Suw Sua / TopLeft / TopRight	Scale windows	Current viewport All windows
ATab SATab	Static application switcher	Current viewport

Detailed Application Settings

Amarok

Courier IMAP

• Install (reference here):
  • Create directories for web-based administration
  • SSL Certificate: /etc/courier/pop3d.pem, /etc/courier/imapd.pem
  • Postfix configuration: local only
  • System mail name: nxl67002ux.wbi.nxp.com
  • Created /etc/courier/userdb, and kept entries for root, localuser and beq06659
  • Use password from /etc/courier/userdb (method authuserdb).

Firefox

• Theme: macfox3 1.1.7
• Extensions (some disabled because Firefox hangs on launch/exit):
  • AutoPager 0.7.0.0 — disabled
  • Belgium eID 1.0.11 — disabled
  • CHM Reader 0.2.3
  • Cycle Input Focus 1.0.0 — disabled
  • Delicious Bookmarks 2.3.1
  • Fast Dial 3.4
  • FireGestures 1.5.7 — disabled
  • FoxyProxy Standard 3.3
  • Live HTTP headers 0.17
  • Ubuntu Firefox Modifications 0.9rc2
  • User Agent Switcher 0.7.3 — disabled

LAMP

Install the servers:

sudo apt-get install apache2 php5 mysql-server mysql-client php5-mysql
# --> Defined password for MySQL root user
sudo vi /etc/apache2/apache2.conf
# --> Added lines at line 32:
#     #MIP CUSTOM
#     ServerName "nxl67002ux"
# Restart apache server to activate php module...
sudo /etc/init.d/apache restart

# Move www root dir to /data disk
sudo mv /var/www /data
sudo ln -sf /data/www /var/www

Apache:

• configuration file is at /etc/apache2/apache2.conf
• Apache root http directory is /var/www
• Enable mod-rewrite module.
  In /etc/apache2/sites-available/default, change as: AllowOverride NoneFileInfo (twice).

Create databases that will store local copies of cryptokiwi and mikiwiki wiki, and of mikido:

MYSQL_HISTFILE=/dev/null mysql --user=root -p mysql

mysql> CREATE DATABASE cryptokiwi;
mysql> GRANT ALL PRIVILEGES ON cryptokiwi.* TO kiwi@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikiwiki;
mysql> GRANT ALL PRIVILEGES ON mikiwiki.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikido;
mysql> GRANT ALL PRIVILEGES ON mikido.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE nxpwiki;
mysql> GRANT ALL PRIVILEGES ON nxpwiki.* TO nxp@localhost IDENTIFIED BY '********';
mysql> quit

• Enabled HTTPS (requires valid-user)
• Firewall blocks port 80 but allow port 443 (so that localhost can connect w/o password but other guest needs password)

Nautilus

• Default view: List View
• Display, date format: YYYY-MM-DD hh:mm:ss
• List View: zoom 33%
• Icon View, Compact View: zoorm 66%
• Preview: all set to Never, and only for files smaller than 500kB (to prevent thumbnailing PDFs...)

Psi

(recovered from previous settings on Gryphon at ~/.psi)

• Gnome: Added Psi as startup program (Psi, /usr/bin/psi, Communicate over the jabber network).
• Options → Events → Enable popup notifications (all notifications)
• Modify Account... → Changed resource to work-ux
• Modify Account... → Automatically reconnect if disconnected
• Modify Account... → Proxy → localhost:8118

Samba

• See Samba server page on this wiki.
• File /etc/samba/smb.conf:

   security = user
   username map = /etc/samba/smbusers

# [...]

[homes]
   comment = Home Directories
   browseable = no
 
# [...]
 
[c]
   comment = Windows Drive C
   browseable = yes
   path = /win/c
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

[d]
   comment = Windows Drive D
   browseable = yes
   path = /win/d
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

• Added user beq06659
• Opened firewall ports (137/udp, 138/udp, 139/tcp, 445/tcp)

SSH

• Installed SSH-Tunnel
• Files recovered from other installation (ssh-tunnel v2.26 + patch):

/usr/local/bin
-rwxr-xr-x 1 root root ssh-agent-refresh_andlinux.sh
-rwxr-xr-x 1 root root ssh-agent-refresh.sh
-rwxr-xr-x 1 root root ssh.pl
-rwxr-xr-x 1 root root ssh-tunnel.pl

• User beq06659 - configuration file in directory ~/.ssh:
  • id_rsa || id_rsa.pub || authorized_keys || config* || proxy.conf* || clbanner.txt
• Disabled SSH Key Agent from Gnome Startup Applications
• Added startup application:
  • Name: startup.sh
  • Command: /home/beq06659/bin/startup.sh
  • Comment: Custom startup script
• Do not accept locale env var. LC_* from the client (see SSH#Missing Locale in Perl)

Terminal

• My custom configuration

Vim

• Added ~/.bash_completion from [4] (modified to also take alias v=gvim)

VirtualBox

• See virtual machine configuration log.
• Installed with apt (original version 4.2.8)
• VirtualBox is launched as user root (because it seems that only the current user and root can access PulseAudio in a same X session — see [5])
• Allow user beq06659 to launch VirtualBox through user root. Add to /etc/sudoers:

beq06659	ALL=NOPASSWD: /usr/bin/VirtualBox

• Helper script to add to e.g. ~/bin :

#First allow user vbox to connect to X11
#xhost +SI:localuser:vbox
#sudo su vbox -c /usr/bin/VirtualBox&

#New config - run VirtualBox as root to allow sound
sudo /usr/bin/VirtualBox&

• Create a launcher in ~/.local/share/applications/virtualbox-root.desktop

#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=VBox
Name[en_US]=Oracle VM VirtualBox (root)
Exec=/home/beq06659/bin/vbox.sh
Comment[en_US]=Run several virtual systems on a single host computer
Name=Oracle VM VirtualBox (root)
Comment=Run several virtual systems on a single host computer
Icon=VBox

Wine

See Configuration NXP Dell Latitude E5430 - Wine.

To Do

Issues

• Issue — To be completed
• To Do — Description

Done & Fixed

• Fixed — Issue description
  Fix description
• Done — Description