Eola
Eola is my mom's name. eola is the ThinkPad T30 I set up for her.
hardware
The computer is a ThinkPad T30 with a 1.8GHz P4-M, 256MB RAM, ATI 7500 video adapter, 40G HD, and a DVD reader. Specifics on the hardware are at Eola/Hardware.
archive old OS
I archived the contents of the hard disk to a file on my server. I booted eola with a Knoppix 5.1.1 DVD and used nfs to mount a partition on my server. Then I used cat and bzip2 to create the archive.
root@Knoppix:/mnt/mckinley# cat /dev/hda | bzip2 > eola-hda-20071222.bz2
The resulting file occupied 6.7G and took about three hours to write across the 100-baseT network.
Here are some contemporaneous notes.
root@mckinley:/media/sdd4# cat eola-hda-20071222.bz2.notes
eola-hda-20071222.bz2.notes
20071222
This is a backup of the hard drive on Mom's T30 notebook computer.
To make it I:
1. Plugged the Freeagent Driver into mckinley.
2. Mounted it.
3. Exported the volume.
4. Mounted the volume using nfs from eola using -o nolock
5. did: cat /dev/hda | bzip2 > eola-hda-20071222.bz2
reformat the hd
I used fdisk to partition the hd in accordance with the linuxmint convention of the first partition being for / and the first extended partition being swap.
root@Knoppix:~# fdisk -l /dev/hda

Disk /dev/hda: 40.0 GB, 40007761920 bytes
16 heads, 63 sectors/track, 77520 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1       74685    37641208+  83  Linux
/dev/hda2           74686       77520     1428840    5  Extended
/dev/hda5           74686       77520     1428808+  82  Linux swap / Solaris
install linuxmint-4
I have linuxmint-4 running on a VMware Virtual Machine on my server. VMs have many advantages over a physical machine including cost and versatility. In this scenario, another important advantage is that I don't have to burn a physical CD or DVD in order to install the new operating system; I just boot the VM from the iso file. I also apply the current updates to the VM so that I don't have to do them later on the physical machine. The main disadvantage here is that I can't actually deliver a VM to my mom. She needs a real physical computer.
I won't cover the install on the VM. Everybody in KPLUG should already know how to install Linux. Installing on a VM is similar to installing on a physical machine. The main difference is that the install tends to go faster because you are reading the iso image file from a hard disk instead of reading a physical DVD from an optical drive.
copy files with ssh and rsync
I booted the VM on the server with a Knoppix 5.1.1 iso, then I launched the ssh server, set a root password and mounted the root partition:
root@Knoppix:/etc/init.d# ./ssh start
...
root@Knoppix:/etc/init.d# passwd
...
root@Knoppix:/etc/init.d# mount -o ro /dev/sda1 /media/sda1
I booted eola with a Knoppix 5.1.1 DVD, mounted hda1 and used rsync over ssh to copy the files from the VM:
root@Knoppix:~# mount /dev/hda1 /media/hda1
root@Knoppix:~# rsync -av 192.168.2.104:/media/sda1/ /media/hda1
...
The rsync took about 10 minutes on a 100-Base T network.
grub-install
You may have noticed that the VM uses /dev/sda1 as the root partition while eola uses /dev/hda1. So, we have to make a few changes and reinstall grub to the master boot record of /dev/hda.
In /media/hda1/boot/grub/device.map, change sda to hda, then
root@Knoppix:/media/hda1# grub-install --root-directory=/media/hda1 /dev/hda
...
first boot
Up to this point, eola has been booted using Knoppix. The next step was to reboot and see how the install worked. It did boot, but didn't launch X. Nor did it find the swap partition.
reconfigure X
X didn't work, but the machine did boot into a command-line interface. The reason X didn't work is that /etc/X11/xorg.conf was set up for the video adapter provided by VMware, which isn't the same as the ATI 7500 on the ThinkPad T30.
The command to reconfigure X in Debian-based distributions is: dpkg-reconfigure xserver-xorg. When I ran this, I selected the ati driver, which worked OK. Later I changed the driver to radeon in order to use eola with a projector.
set up swap
To fix the problem with the swap partition I put the following in /etc/fstab:
/dev/sda5 none swap sw 0 0
I formatted the swap space with mkswap and activated it with swapon -a. You may have noticed that we are back to /dev/sda instead of the /dev/hda that we saw with Knoppix. That's because mint uses a more recent Linux kernel than Knoppix. The newer kernels like to call everything sda instead of hda, even if the physical device is an IDE drive.
set the hostname
I set the hostname by editing /etc/hostname.
more tweaks
user accounts
On ubuntu, the first user account is allowed to run sudo. You can change this policy with visudo if you like. I decided to keep the first user account, sdlinuxguy, for myself and set up a second user account for my mom. The second user is called eola.
automatically login as eola at startup
See Gdmsetup.
kill the update notification
The mintupdate utility runs in the background and notifies the user when updates are available in the apt-get repository. We don't want granny to be bothered with those notifications. She doesn't have the user privileges needed to update the system. System administration will be done remotely using ssh.
root@linuxmint-4:~# apt-get autoremove mintupdate
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  nautilus-actions
The following packages will be REMOVED:
  mintupdate mintupdate-gnome nautilus-actions
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
Need to get 0B of archives.
After unpacking 1749kB disk space will be freed.
Do you want to continue [Y/n]? Y
(Reading database ... 89068 files and directories currently installed.)
Removing mintupdate-gnome ...
Removing mintupdate ...
Removing nautilus-actions ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place
enable remote control with vnc
vino-server is a derivative of vnc. It is a remote access program that lets you (the administrator) access the machine remotely and even "take over" from granny.
The vnc server we want to use is known as vino and is set up using vino-preferences. You can run vino-preferences from the command line or from the main menu with Preferences -> Remote Desktop.

After you have set up the vnc server with vino-preferences, access the remote machine with:
ggeller@harrison:~$ vncviewer -fullscreen 192.168.2.105:0
In case you forgot, the magic key to exit vncviewer's fullscreen mode is F8.
external monitor
Getting an external monitor working with the ThinkPad has been a challenge. I finally found a page that gave me the clues I needed: http://lilserenity.wordpress.com/2007/10/21/output-switcher-easy-linux-screen-management/
The first necessary step is to change /etc/X11/xorg.conf so that X uses the radeon driver instead of the ati driver. The complete xorg.conf is at Eola/Xorg.conf.
Even so, the external monitor doesn't quite work as advertised. The magic command I finally found to make a mirrored setup is:
eola@eola:~/Desktop$ xrandr --output LVDS --off ; xrandr --output VGA-0 --auto ; xrandr --output LVDS --auto
send mplayer output to the external monitor
When I gave the presentation at KPLUG, I found that movies would not play on the external monitor. I just got a black box where the picture was supposed to be. Two different members of the audience suggested two different ways to make the movies work:
From Gus Wirth:
eola@eola:~/Desktop$ xvattr -a XV_CRTC -v 1
Upon testing, the above didn't work, but the following command did work:
eola@eola:~/Desktop$ xvattr -a XV_CRTC -v 0
See xvattr
Another way from Doug Laurie:
eola@eola:~/Desktop$ mplayer -vo x11 zonbu.wmv
configure ssh server
I can't expect Eola, my mom, to use a real secure password. Consequently, I will use public/private keys to get to ssh on eola, the computer.
Generate the ssh key on mckinley:
ggeller@mckinley:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ggeller/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ggeller/.ssh/id_rsa.
Your public key has been saved in /home/ggeller/.ssh/id_rsa.pub.
The key fingerprint is:
27:cd:b6:9d:30:5e:2d:e0:f9:a5:21:39:19:57:8a:31 ggeller@mckinley
ggeller@mckinley:~$ cp .ssh/id_rsa.pub .
Copy the public key to eola:
eola@eola:~$ scp ggeller@192.168.2.14:id_rsa.pub .
ggeller@192.168.2.14's password:
id_rsa.pub                                    100%  398     0.4KB/s   00:00
eola@eola:~$ mv id_rsa.pub .ssh/authorized_keys2
Test login with keys from mckinley to eola:
ggeller@mckinley:~$ ssh eola@192.168.2.105
...
Edit /etc/ssh/sshd_config so that remote login is allowed only with keys and not with passwords, and so that root login is not allowed.
PermitRootLogin no
PasswordAuthentication no
Restart the ssh server:
root@eola:/etc/ssh# /etc/init.d/ssh restart
 * Restarting OpenBSD Secure Shell server sshd                          [ OK ]
Jim Sack had some additional suggestions on the KPLUG list: Eola/SSH
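The two sshd_config lines above only take effect if they are the first values sshd reads for those keywords, which is easy to get wrong when they are appended below existing settings. The following is an added example, not part of the original page, that checks a config file for this; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a leading '#' makes the line a comment.

# effective_value FILE KEYWORD: print the value in force in the global section
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0   { next }   # comment or blank line
        tolower($1) == "match"  { exit }   # Match blocks are conditional; stop there
        tolower($1) == want     { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: exit status 0 only if both settings from the page are in force
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok:   $kw no"
        else
            echo "FAIL: $kw is ${val:-unset, so the compiled-in default applies}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the two lines were appended below an earlier
# "PermitRootLogin yes", so the root-login setting never takes effect.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not eola's real file
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF

audit_sshd "$sample" || echo "sshd_config needs fixing"
```

On OpenSSH releases that support it, sshd -T prints the configuration the running binary would actually use and is the authoritative check on a live machine.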
iptables
The only incoming port we want to have open is port 22 for ssh. The iptables setup is simple enough to do by hand. This is adapted from http://townx.org/simple_firewall_for_ubuntu_using_iptables
First I made the file /etc/iptables/iptables.script:
#!/bin/bash

# flush all chains
iptables -F

# set the default policy for each of the pre-defined chains
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# accept connections of port 22 for ssh
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT

# allow establishment of connections initialised by my outgoing packets
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# drop everything else
iptables -A INPUT -i eth1 -p udp -j DROP
iptables -A INPUT -i eth1 -p tcp -m tcp --syn -j DROP

# accept anything on localhost
iptables -A INPUT -i lo -j ACCEPT
Then I made a little script to start it up in /etc/init.d/firewall:
#! /bin/sh
set -e
. /lib/lsb/init-functions
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
case "$1" in
  start)
    /etc/iptables/iptables.script
    ;;
  stop)
    iptables -F
    ;;
  restart)
    iptables -F
    /etc/iptables/iptables.script
    ;;
esac
exit 0
Then I set up the links in /etc/rc* with:
root@eola:/etc/init.d# update-rc.d firewall start 20 2 3 4 5 . stop 99 0 1 6 .
 Adding system startup for /etc/init.d/firewall ...
   /etc/rc0.d/K99firewall -> ../init.d/firewall
   /etc/rc1.d/K99firewall -> ../init.d/firewall
   /etc/rc6.d/K99firewall -> ../init.d/firewall
   /etc/rc2.d/S20firewall -> ../init.d/firewall
   /etc/rc3.d/S20firewall -> ../init.d/firewall
   /etc/rc4.d/S20firewall -> ../init.d/firewall
   /etc/rc5.d/S20firewall -> ../init.d/firewall
discover the remote IP address
eola will be installed on a dsl connection in my mom's apartment and will have a dynamic IP address. I use the following scheme instead of asking my mom to run ipconfig and tell me the address.
I set up a publicly accessible web page on my server. Then I have a crontab like this:
# m h dom mon dow command
0,15,30,45 * * * * cd /home/sdlinuxguy/Downloads/ ; /usr/bin/wget http://wsms.wikiplanet.com/html/eola.html
Every 15 minutes, eola fetches the web page. All I have to do is look in my apache log to find the IP for eola.
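Because the page is public, other clients will show up in the same log, so the lookup needs a filter. The following is an added example, not part of the original page, that pulls eola's fetches out of an Apache log and shows when the address changed; it assumes Apache's "combined" log format, and the function names and log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the "combined" format:
#   ip - - [time zone] "request" status bytes "referer" "user-agent"

# beacon_fetches LOG URLPATH: print "ip timestamp" for every wget fetch of URLPATH
beacon_fetches() {
    awk -v path="$2" '
        {
            split($0, q, "\"")        # q[2] = request line, q[6] = User-Agent
            split(q[2], req, " ")     # req[2] = requested path
            # The User-Agent is set by the client, so this only cuts noise.
            if (req[2] == path && q[6] ~ /^Wget\//)
                print $1, substr($4, 2)   # client IP, timestamp without "["
        }
    ' "$1"
}

# ip_changes LOG URLPATH: only the fetches where the client address changed
ip_changes() {
    beacon_fetches "$1" "$2" | awk '$1 != prev { print; prev = $1 }'
}

# current_ip LOG URLPATH: address used by the most recent fetch
current_ip() {
    beacon_fetches "$1" "$2" | awk '{ ip = $1 } END { if (ip != "") print ip }'
}

# Constructed sample log (documentation address ranges, not real hosts).
log=$(mktemp)
trap 'rm -f "$log"' EXIT
cat > "$log" <<'EOF'
203.0.113.7 - - [12/Jan/2008:10:00:02 -0800] "GET /html/eola.html HTTP/1.0" 200 512 "-" "Wget/1.10.2"
198.51.100.9 - - [12/Jan/2008:10:07:41 -0800] "GET /html/eola.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; examplebot)"
203.0.113.7 - - [12/Jan/2008:10:15:01 -0800] "GET /html/eola.html HTTP/1.0" 200 512 "-" "Wget/1.10.2"
203.0.113.42 - - [12/Jan/2008:10:30:02 -0800] "GET /html/eola.html HTTP/1.0" 200 512 "-" "Wget/1.10.2"
203.0.113.42 - - [12/Jan/2008:10:31:00 -0800] "GET /index.html HTTP/1.0" 200 900 "-" "Wget/1.10.2"
EOF

echo "address changes:"
ip_changes "$log" /html/eola.html
echo "current address: $(current_ip "$log" /html/eola.html)"
```

Fetching a path that nothing else links to would make the filter more reliable than matching on the User-Agent.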
access vnc over ssh
With the firewall working, you have to use ssh to tunnel the connection for vncviewer:
ggeller@harrison:~$ ssh -N -L 5901:localhost:5900 eola@192.168.2.105
Then connect vncviewer to the local port and the connection is forwarded by ssh:
ggeller@harrison:~$ vncviewer -fullscreen localhost:1
todo maybe we just want a gmail account.
printing
todo
put adblocker on firefox
todo
simplicate the Daryna menu
todo
The Daryna menu includes a number of items that can't be run by the user account eola, because it doesn't have root privileges via sudo. These menu items should be deleted. If you right-click on the menu, you can get to Preferences and Edit Menu, but they don't seem to do what I want. There is some related information in Daryna_User_Guide.pdf.
Jim Sack also gave me a few clues in an email dated January 11, 2008:
From http://linuxmint.com/rel_daryna.php

"In the backend, mintInstall now also relies on Synaptic.."

So, you probably do not want to uninstall synaptic, as suggested by someone yesterday.

And BTW, I found a clue to menus -- check /etc/xdg.

http://standards.freedesktop.org/menu-spec/latest/

found from a link on the following:

http://automatthias.wordpress.com/2005/11/22/create-a-custom-gnome-menu/

I haven't looked into it yet, but it seems promising.

Regards,
..jim
Update
It seems that pacbell has seen fit to block incoming ssh access. So, if we want to have remote administration we have to set up a tunnel using a different port, or we have to use something like a VPN.
