Zed Lopez

The First N Things to Do After Installing an Ubuntu Command-line System, Where N Is Large

This is my guide to how to install Ubuntu. There aren’t many like it, because this one is mine. This is using Karmic and for a single-user computer.

I start with the alternate install CD, and install a command-line system. There’s a lot of talk about how Ubuntu is bloated, which is a little silly, as Ubuntu is not the same thing as the ubuntu-desktop metapackage. The command-line system will leave you with a few things you won’t need — it includes the tools for several filesystems, including NTFS, and support for various hardware, some of which you won’t have. I don’t doubt that there are leaner minimalist distributions, but it’s a stretch to call this bloated.

Toward keeping it unbloated, the first step is turning off the automatic installation of recommended packages:

echo ‘APT::Install-Recommends “false”;’ | sudo tee > /etc/apt/apt.conf.d/02notrecommended

Then I install the first tools I want:

sudo apt-get install wajig zile

That’s the last we’ll see of apt-get, as wajig is my preferred front end to the Debian package manager. zile is a small Emacs-workalike. Next, I make sure it gets used whenever anything needs an editor (and that I never, ever get dumped into vi):

sudo update-alternatives —install /usr/bin/vi vi /usr/bin/zile 99
sudo update-alternatives —config editor

The latter will prompt me to choose among installed editors; I pick zile.

Now I’m ready to configure sudo.

sudo visudo

I add to the line beginning

Defaults env_reset
, making it:

Defaults env_reset,insults,!tty_tickets

!tty_tickets makes the sudo timeout global, instead of on a per-session basis, so that if I sudo in one window, and, soon after, sudo in another, I won’t have to type my password again. This is very useful. insults means sudo will insult me if I type my password wrong. This isn’t useful except inasmuch as it amuses the 12-year-old in me.

Next is configuring my repository sources:

sudo -e /etc/apt/sources.list

This boils down to these four lines, with my closest mirror substituted for “us.archive.ubuntu.com”

deb http://us.archive.ubuntu.com/ubuntu/ karmic main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic main restricted universe
deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates main restricted universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ karmic-backports main restricted universe multiverse

plus I keep the default last few lines:

deb http://security.ubuntu.com/ubuntu karmic-security main restricted
deb-src http://security.ubuntu.com/ubuntu karmic-security main restricted
deb http://security.ubuntu.com/ubuntu karmic-security universe
deb-src http://security.ubuntu.com/ubuntu karmic-security universe
deb http://security.ubuntu.com/ubuntu karmic-security multiverse
deb-src http://security.ubuntu.com/ubuntu karmic-security multiverse

I make sure I’m up-to-date:

sudo wajig update
sudo wajig upgrade
sudo wajig dist-upgrade

Now it’s time to install everything related to one of my most important tools, ssh:

sudo wajig install ssh denyhosts molly-guard sshfs yafc keychain
sudo -e /etc/ssh/sshd_config

I modify /etc/hosts to assign shortcuts to several of my most-used machines.

I set “PermitRootLogin no” (even though I don’t have a root password, so no one could login as root anyway), and “PasswordAuthentication no” to disable login by password altogether — it’ll require public key authentication.

sudo adduser zed fuse

sshfs is an amazingly useful tool that lets you mount remote filesystems over ssh so they’re transparently accessibly as if they were local. But you have to add yourself to the fuse group (and it won’t take until you logout and log back in.) I like to drop this in /usr/local/bin/mkmnt as a convenience to make the mount points I’ll use with it:

for i in $@
mkdir /mnt/$i
chown root:fuse /mnt/$i
chmod 775 /mnt/$i


sudo chown root:fuse /mnt

sudo chmod 775 /mnt

I used to configure denyhosts to make it more restrictive and quicker to ban, but I don’t bother anymore. The defaults are reasonable. molly-guard is there to prevent accidentally shutting down or rebooting my machine when I’m logged in remotely. yafc is a much-improved sftp, with tab-completion. And keychain lets me type my ssh private key password just once. I just add this to my .bashrc:

eval `keychain —eval —nogui -Q -q id_rsa`

And I install my private and public keys in my .ssh directory.

Now we’re ready to install X.

sudo wajig install hal xorg nvidia-glx-185 nvidia-settings xdm msttcorefonts ttf-liberation ttf-droid xscreensaver

This gets you a whole raft of video and input packages, most of which you don’t need, but is a lot faster and easier than picking out the ones you do.

Now it’s time to start building packages from source.

sudo wajig install build-essential automake m4 subversion git-core fakeroot checkinstall libtool texinfo texinfo-doc-nonfree manpages-dev
sudo wajig build-depend ratpoison
sudo wajig build-depend rxvt-unicode-ml

I like to do my building from source under /usr/local/src, so I’ll make that a little easier:

chmod -R root:admin /usr/local
chown -R 775 /usr/local

First, ratpoison:

cd /usr/local/src
git clone git://git.savannah.nongnu.org/ratpoison.git
cd ratpoison
automake —add-missing

I put a patch of my own into title_changed.patch, and apply it, then build the Debian package:

patch -p1 < title_changed.patch
fakeroot debian/rules binary

This drops a .deb into /usr/local/src, and I install it:

cd /usr/local/src
sudo wajig install ratpoison_1.4.6~git-0_i386.deb

Next comes rxvt-unicode. I’m still in /usr/local/src…

wget http://dist.schmorp.de/rxvt-unicode/rxvt-unicode-9.07.tar.bz2
tar xjf rxvt-unicode-9.07.tar.bz2
cd rxvt-unicode-9.07
./configure —prefix=/usr
sudo checkinstall —fstrans=no

I use the name ‘rxvt-unicode-ml’, the same as Ubuntu normally uses for the full rxvt-unicode, the description ‘rxvt-unicode-ml’, and the version ‘9.07-1source’. Per the contents of urxvtc’s man page, I put this in /usr/local/bin/urxvt:

urxvtc “$@”
if [ $? -eq 2 ]; then
urxvtd -q -o -f
urxvtc “$@”

And that’s what I define as my x-terminal-emulator:

sudo update-alternatives —install /usr/bin/x-terminal-emulator x-terminal-emulator /usr/local/bin/urxvt 99

Now I can remove xterm. This’ll take the xorg metapackage with it, but that’s fine — it’s just a metapackage and all the stuff it installed will still be there.

sudo wajig remove xterm

Oh, so close. Now, per the xsession man page, I put this in /etc/X11/Xsession.d/35×11-custom_xmodmap —


if [ -x /usr/bin/X11/xmodmap ]; then
if [ -f “$SYSMODMAP” ]; then
xmodmap “$SYSMODMAP
if [ -f “$USRMODMAP” ]; then
xmodmap “$USRMODMAP

Then I populate /etc/X11/Xmodmap, ~/.Xresources, .ratpoisonrc, and put this in .xsession:

xscreensaver-command -exit
xscreensaver &

And now we’re ready to run X. It’s that easy.

sudo invoke-rc.d xdm start

I edit .xscreensaver to set ‘splash: False’, and run


so I can set the Mode to ‘Blank Screen Only’, turn on Display Power Management, and turn off ‘Fade to Black when Blanking’. There are many beautiful xscreensaver hacks, but some of them create appreciable system load. I’m running it for security.

OK, now for some miscellany. apt-file can do some tricks wajig can’t.

sudo wajig install apt-file
sudo apt-file update

is my preferred pager.

sudo wajig install most
sudo update-alternatives —config pager

Really, the whole point of the exercise is Emacs.

sudo wajig install emacs23 emacs-goodies-el python-mode yaml-mode

I like Ruby, Perl, and Nethack. Someday I will ascend.

sudo wajig install ruby-full ruby-elisp rubygems perl-doc nethack-el

Some other important command-line tools:

sudo wajig install screen ack-grep

ack-grep’s intended name is ack, but that’s taken in the Debian world, so I uncomment this in the default .bashrc:

if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases

And into .bash_aliases goes:

alias ack=“ack-grep”

Being able to unpack things is good:

sudo wajig install atool unrar unzip

Put this in ~/.atoolrc:

use_rar_for_unpack 0

The web is pretty important:

sudo wajig install firefox epdfview privoxy

Privoxy is a filtering web proxy.

cd /tmp
wget http://neilvandyke.org/privoxy-rules/neilvandyke.action
sudo mv /tmp/neilvandyke.action /etc/privoxy
sudo -e /etc/privoxy/config

Between actionsfile default.action and actionsfile user.action, I add:

actionsfile neilvandyke.action

In user.action, I add some more sites, as well as define some sites on which to not block ads.

I get the Flash 10.1 beta:

cd /tmp
wget http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_1_p3_linux_022310.tar.gz
tar xzf flashplayer10_1_p3_linux_022310.tar.gz
mkdir ~/.mozilla/plugins
mv libflashplayer.so ~/.mozilla/plugins

Sound starts out set to zero, so I need alsamixer to turn it up:

sudo wajig install alsa-utils

Get and install the forbidden packages:

cd /tmp
wget http://packages.medibuntu.org/pool/non-free/w/w32codecs/w32codecs_20071007-0medibuntu5_i386.deb
wget http://packages.medibuntu.org/pool/free/libd/libdvdcss/libdvdcss2_1.2.10-0.3medibuntu1_i386.deb
sudo wajig install w32codecs_20071007-0medibuntu5_i386.deb
sudo wajig install libdvdcss2_1.2.10-0.3medibuntu1_i386.deb

Install the fonts from Powerpoint.

Monitoring is good. This includes:

sudo wajig install lm-sensors htop iftop iotop hddtemp smartmontools

Virtual machines are fun.

sudo wajig install qemu kvm

Downloader helpers.

sudo wajig install transmission-cli axel


sudo wajig install mplayer-nogui flac vorbis-tools vorbisgain feh

Into every life some Microsoft Word docs must fall.

sudo wajig install antiword

Keep the computer time synced with atomic clocks:

sudo wajig install ntp

sudo -e /etc/ntp.conf

I remove the ‘server ntp.ubuntu.com’ line and replace it with:

server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org

I like TeX, and LaTeX, and ConTeXt and printing things.

sudo wajig install context texlive-latex-extra gv texlive-latex-extra-doc texlive-latex-base-doc cups-client texlive-latex-recommended texlive-latex-recommended-doc

That may seem like a lot, and it is, but it’s still not much compared to texlive-full.

I just need a client to a Cups server running elsewhere on my local network, so I just need to populate /etc/cups/client.conf:

ServerName hostname_of_cups_server

I want to access a Samba server on my local network, so:

sudo wajig install smbfs
mkmnt smbmountpoint

I add this to /etc/fstab:

//smbhostname/Volume_1 /mnt/smbmountpoint cifs credentials=/etc/smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm 0 0

/etc/smbcredentials is of the form:


Then I just:

sudo mount -a

I’ve skimped on configuring Firefox, Emacs, urxvt, and on talking about the contents of my .Xresources, .Xmodmap, and .ratpoisonrc, as well as the other little scripts I put in /usr/local/bin. Maybe next time.