OS Install Experiences - Part 4: Ubuntu

Note: This article is part of my OS Install Experiences series.

Next OS — the recently released Debian-derived distribution Ubuntu 6.06 (Dapper Drake).

Install

  1. First, I downloaded an Ubuntu 6.06 CD image, burned it on a CD, and booted from that.
  2. The first installer screen allows you to choose between a normal install, "safe graphics mode", "check CD for defects", "memory test", and "boot from first hard disk". If you hit enter and wait a few minutes, you're dropped right into a fully working GNOME session (think Live-CD). No user interaction is required at all...
  3. If you like you can use the system for normal tasks already (web browsing, whatever). If you want to install Ubuntu, you click the "Install" icon on the desktop...
  4. After choosing the language, timezone (by clicking on your country on a nice graphical world map!), and keyboard layout, the installation begins.
  5. You must enter your user password (no root password, in Ubuntu you have to use sudo for everything which requires root permissions), user account name, and (ugh!) you must enter a full name (same annoying behaviour as with PC-BSD).
  6. The partitioning tool is graphical and quite easy to use. It takes ages to scan the disk(s) and partitions though (yes, I have quite a lot of them, but still)...
  7. That's mostly it, the installation of the packages starts now, and after it's finished, a window pops up asking you whether you want to reboot or continue using the Live CD for a little longer.
  8. What's noticeable is that I was not asked where or how I want to install a bootloader; Ubuntu simply scans the disks, tries to detect the OSes and writes itself into the MBR. Which sucks quite a bit, especially for more complicated setups like I'm using here. For example, it didn't detect the PC-BSD installation, so I can no longer boot that for now (need to fix GRUB manually).
  9. That's it, after a reboot you're dropped into GNOME and the installation is done. Pretty impressive how easy such Linux installations have gotten recently...

Security

  • netstat output:
    tcp        0      0 localhost:60450         *:*                     LISTEN     4527/python
    tcp        0      0 localhost:49253         *:*                     LISTEN     4512/hpiod
    tcp        0      0 localhost:ipp           *:*                     LISTEN     4583/cupsd
    udp        0      0 *:bootpc                *:*                                3957/dhclient3
    
  • Some permissions:
    drwxr-xr-x   3 root root  4096 2006-06-04 23:48 /home
    drwxr-xr-x   2 root root  4096 2006-05-31 02:49 /root
    drwxrwxrwt  10 root root  4096 2006-06-04 23:34 /tmp
    drwxr-xr-x  13 uwe  uwe   4096 2006-06-04 23:35 /home/uwe
    /dev:
    crw-rw----  1 root audio    14,  12 2006-06-05 00:00 adsp
    crw-rw----  1 root video    10, 175 2006-06-05 00:00 agpgart
    crw-rw----  1 root root     10, 134 2006-06-04 23:00 apm_bios
    crw-rw----  1 root audio    14,   4 2006-06-05 00:00 audio
    drwxr-xr-x  3 root root          60 2006-06-05 00:00 bus
    crw-rw----  1 root video   226,   0 2006-06-04 23:00 card0
    crw-------  1 root root      5,   1 2006-06-04 23:00 console
    drwxr-xr-x  6 root root         120 2006-06-05 00:00 disk 
    crw-rw----  1 root audio    14,  10 2006-06-05 00:00 dmfm
    drwxr-xr-x  2 root root          60 2006-06-04 23:00 dri
    crw-rw----  1 root audio    14,   3 2006-06-05 00:00 dsp
    drwxr-xr-x  4 root root         520 2006-06-05 00:00 evms
    crw-rw----  1 root video    29,   0 2006-06-05 00:00 fb0
    brw-rw----  1 root floppy    2,   0 2006-06-05 00:00 fd0
    crw-rw-rw-  1 root root      1,   7 2006-06-05 00:00 full
    brw-rw----  1 root disk      3,   0 2006-06-05 00:00 hda*
    brw-rw----  1 root disk      3,  64 2006-06-05 00:00 hdb*
    brw-rw----  1 root cdrom    22,  64 2006-06-05 00:00 hdd
    prw-------  1 root root           0 2006-06-05 00:00 initctl
    drwxr-xr-x  2 root root         100 2006-06-05 00:00 .initramfs
    -rw-r--r--  1 root root           0 2006-06-05 00:00 .initramfs-tools
    drwxr-xr-x  2 root root         160 2006-06-05 00:00 input
    crw-r-----  1 root kmem      1,   2 2006-05-31 03:15 kmem
    crw-rw----  1 root root      1,  11 2006-06-05 00:00 kmsg
    srw-rw-rw-  1 root root           0 2006-06-04 23:10 log
    drwxr-xr-x  2 root root          60 2006-05-31 02:50 loop
    crw-rw----  1 root lp        6,   0 2006-06-05 00:00 lp0
    crw-------  1 root root    109,   0 2006-06-05 00:00 lvm
    drwxr-xr-x  2 root root          60 2006-06-05 00:00 mapper
    brw-r--r--  1 root root      9,   0 2006-06-05 00:00 md*
    crw-r-----  1 root kmem      1,   1 2006-06-05 00:00 mem
    crw-rw----  1 root audio    14,   0 2006-06-05 00:00 mixer
    drwxr-xr-x  2 root root          60 2006-05-31 02:50 net
    crw-rw-rw-  1 root root      1,   3 2006-05-31 03:15 null
    crw-rw----  1 root video   195,   0 2006-06-04 23:00 nvidia0
    crw-rw----  1 root video   195, 255 2006-06-04 23:00 nvidiactl
    crw-rw----  1 root lp       99,   0 2006-06-04 23:00 parport0
    crw-r-----  1 root kmem      1,   4 2006-06-05 00:00 port
    crw-------  1 root root    108,   0 2006-05-31 03:15 ppp
    crw-rw----  1 root root     10,   1 2006-06-05 00:00 psaux
    crw-rw-rw-  1 root root      5,   2 2006-06-04 23:35 ptmx
    drwxr-xr-x  2 root root           0 2006-06-05 00:00 pts
    crw-rw-rw-  1 root tty       2, 176 2006-06-05 00:00 pty*
    brw-rw----  1 root disk      1,   0 2006-06-05 00:00 ram*
    crw-rw-rw-  1 root root      1,   8 2006-06-05 00:00 random
    crw-rw----  1 root audio    10, 135 2006-06-05 00:00 rtc
    drwxrwxrwt  2 root root          40 2006-06-05 00:00 shm
    drwxr-xr-x  2 root root         200 2006-06-05 00:00 snd
    drwxr-xr-x  3 root root          60 2006-06-05 00:00 .static 
    crw-rw-rw-  1 root root      5,   0 2006-06-04 23:21 tty
    crw-rw----  1 root root      4,   0 2006-06-04 23:00 tty0
    crw-------  1 root root      4,   1 2006-06-04 23:00 tty[1-6]
    crw-rw----  1 root root      4,  10 2006-06-05 00:00 tty[7..*]
    crw-rw-rw-  1 root tty       3, 176 2006-06-05 00:00 tty*
    crw-rw-rw-  1 root tty       3,  48 2006-06-05 00:00 ttys*
    crw-rw----  1 root dialout   4,  64 2006-06-05 00:00 ttyS*
    drwxr-xr-x  4 root root          80 2006-06-04 23:30 .udev
    crw-rw-rw-  1 root root      1,   9 2006-06-05 00:00 urandom
    crw-rw----  1 root root      7,   0 2006-06-05 00:00 vcs*
    prw-r-----  1 root adm            0 2006-06-04 23:34 xconsole
    crw-rw-rw-  1 root root      1,   5 2006-06-05 00:00 zero
    

    At least /root and /home/* could use a chmod 700.

  • Default users and shells:
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    bin:x:2:2:bin:/bin:/bin/sh
    sys:x:3:3:sys:/dev:/bin/sh
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/bin/sh
    man:x:6:12:man:/var/cache/man:/bin/sh
    lp:x:7:7:lp:/var/spool/lpd:/bin/sh
    mail:x:8:8:mail:/var/mail:/bin/sh
    news:x:9:9:news:/var/spool/news:/bin/sh
    uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
    proxy:x:13:13:proxy:/bin:/bin/sh
    www-data:x:33:33:www-data:/var/www:/bin/sh
    backup:x:34:34:backup:/var/backups:/bin/sh
    list:x:38:38:Mailing List Manager:/var/list:/bin/sh
    irc:x:39:39:ircd:/var/run/ircd:/bin/sh
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
    nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
    dhcp:x:101:101::/nonexistent:/bin/false
    syslog:x:102:102::/home/syslog:/bin/false
    klog:x:103:103::/home/klog:/bin/false
    cupsys:x:100:106::/home/cupsys:/bin/false
    messagebus:x:104:107::/var/run/dbus:/bin/false
    haldaemon:x:108:108:Hardware abstraction layer,,,:/var/run/hal:/bin/false
    hplip:x:105:7:HPLIP system user,,,:/var/run/hplip:/bin/false
    gdm:x:106:111:Gnome Display Manager:/var/lib/gdm:/bin/false
    uwe:x:1000:1000:U,,,:/home/uwe:/bin/bash
    
  • Setuid/setgid files:
    # find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld '{}' \;
    -rwsr-xr-x 1 root root 3172 2006-05-11 13:50 /bin/check-foreground-console
    -rwsr-xr-x 1 root root 75088 2006-05-16 03:43 /bin/mount
    -rwsr-xr-x 1 root root 30724 2005-11-11 01:15 /bin/ping
    -rwsr-xr-x 1 root root 26556 2005-11-11 01:15 /bin/ping6
    -rwsr-xr-x 1 root root 24008 2006-04-03 15:37 /bin/su
    -rwsr-xr-x 1 root root 56808 2006-05-16 03:43 /bin/umount
    -rwsr-xr-- 1 root dhcp 2844 2006-05-05 17:02 /lib/dhcp3-client/call-dhclient-script
    -rwsr-xr-x 1 root root 13164 2006-01-17 13:18 /sbin/cardctl
    -rwxr-sr-x 1 root shadow 15980 2006-05-12 19:42 /sbin/unix_chkpwd
    -rwsr-sr-x 1 root root 18066 2006-05-28 21:35 /usr/bin/X
    -rwsr-xr-x 1 root root 10588 2005-11-11 01:15 /usr/bin/arping
    -rwsr-sr-x 1 daemon daemon 37416 2006-05-08 23:44 /usr/bin/at
    -rwxr-sr-x 1 root tty 7768 2005-10-25 04:13 /usr/bin/bsd-write
    -rwxr-sr-x 1 root shadow 35452 2006-04-03 15:37 /usr/bin/chage
    -rwsr-xr-x 1 root root 27900 2006-04-03 15:37 /usr/bin/chfn
    -rwsr-xr-x 1 root root 23452 2006-04-03 15:37 /usr/bin/chsh
    -rwxr-sr-x 1 root crontab 26668 2005-11-15 13:42 /usr/bin/crontab
    -rwxr-sr-x 1 root shadow 16040 2006-04-03 15:37 /usr/bin/expiry
    -rwsr-xr-x 1 root root 22324 2005-12-31 19:19 /usr/bin/fping
    -rwsr-xr-x 1 root root 23188 2005-12-31 19:19 /usr/bin/fping6
    -rwsr-xr-x 1 root root 34248 2006-04-03 15:37 /usr/bin/gpasswd
    -rwsr-xr-x 1 cupsys lpadmin 8884 2006-05-17 14:47 /usr/bin/lppasswd
    -rwsr-xr-x 1 root root 44988 2005-07-07 12:15 /usr/bin/mtr
    -rwsr-xr-x 1 root root 22732 2006-04-03 15:37 /usr/bin/newgrp
    -rwsr-xr-x 1 root root 26972 2006-04-03 15:37 /usr/bin/passwd
    -rwsr-xr-- 1 root plugdev 28316 2006-05-12 11:33 /usr/bin/pmount
    -rwsr-xr-- 1 root plugdev 20808 2006-05-12 11:33 /usr/bin/pumount
    -rwxr-sr-x 1 root utmp 302096 2006-04-26 23:40 /usr/bin/screen
    -rwxr-sr-x 1 root slocate 30884 2006-01-07 16:44 /usr/bin/slocate
    -rwxr-sr-x 1 root ssh 57824 2006-05-18 02:43 /usr/bin/ssh-agent
    -rwsr-xr-x 1 root root 93844 2006-05-17 10:41 /usr/bin/sudo
    -rwsr-xr-x 1 root root 10460 2005-11-11 01:15 /usr/bin/traceroute6
    -rwxr-sr-x 1 root tty 10292 2006-05-16 03:43 /usr/bin/wall
    -rwxr-sr-x 1 root utmp 279968 2006-05-18 08:45 /usr/bin/xterm
    -rwxr-sr-x 1 root games 75636 2006-04-10 11:32 /usr/games/glines
    -rwxr-sr-x 1 root games 82644 2006-04-10 11:32 /usr/games/gnibbles
    -rwxr-sr-x 1 root games 90004 2006-04-10 11:32 /usr/games/gnobots2
    -rwxr-sr-x 1 root games 95108 2006-04-10 11:32 /usr/games/gnometris
    -rwxr-sr-x 1 root games 77908 2006-04-10 11:32 /usr/games/gnomine
    -rwxr-sr-x 1 root games 39796 2006-04-10 11:32 /usr/games/gnotravex
    -rwxr-sr-x 1 root games 40564 2006-04-10 11:32 /usr/games/gnotski
    -rwxr-sr-x 1 root games 52692 2006-04-10 11:32 /usr/games/gtali
    -rwxr-sr-x 1 root games 92884 2006-04-10 11:32 /usr/games/mahjongg
    -rwxr-sr-x 1 root games 69300 2006-04-10 11:32 /usr/games/same-gnome
    -rwsr-xr-- 1 root messagebus 2724 2006-05-15 21:43 /usr/lib/dbus-1.0/dbus-foreground-console
    -rwsr-xr-x 1 root root 4140 2006-05-11 11:46 /usr/lib/eject/dmcrypt-get-device
    -rwxr-sr-x 1 root mail 8780 2006-05-10 22:25 /usr/lib/evolution/camel-lock-helper-1.2
    -rwxr-sr-x 1 root utmp 9256 2006-04-27 13:35 /usr/lib/libvte4/gnome-pty-helper
    -rwsr-xr-x 1 root root 131792 2006-05-18 02:43 /usr/lib/openssh/ssh-keysign
    -rwsr-xr-x 1 root root 5716 2006-05-21 20:46 /usr/lib/pt_chown
    -rwsr-xr-- 1 root dip 257720 2006-02-23 17:33 /usr/sbin/pppd
    
  • World-writable files:
    # find / -not -type l -perm -o+w -exec ls -ld '{}' \;
    drwxrwxrwt 3 root root 80 2006-06-05 00:00 /var/lock
    srw-rw-rw- 1 root root 0 2006-06-04 23:00 /var/run/sdp
    srwxrwxrwx 1 root root 0 2006-06-04 23:00 /var/run/dbus/system_bus_socket
    srwxrwxrwx 1 root root 0 2006-06-04 23:00 /var/run/cups/cups.sock
    drwxrwxrwt 2 root root 4096 2006-05-22 16:00 /var/tmp
    srw-rw-rw- 1 root root 0 2006-06-04 23:10 /dev/log
    crw-rw-rw- 1 root root 226, 0 2006-06-04 23:00 /dev/dri/card0
    drwxrwxrwt 2 root root 40 2006-06-05 00:00 /dev/shm
    crw-rw-rw- 1 root root 1, 3 2006-05-31 03:15 /dev/null
    crw-rw-rw- 1 root root 1, 7 2006-05-31 03:15 /dev/.static/dev/full
    crw-rw-rw- 1 root root 1, 3 2006-05-31 03:15 /dev/.static/dev/null
    crw-rw-rw- 1 root tty 5, 2 2006-05-31 03:15 /dev/.static/dev/ptmx
    crw-rw-rw- 1 root root 1, 8 2006-05-31 03:15 /dev/.static/dev/random
    crw-rw-rw- 1 root tty 5, 0 2006-05-31 03:15 /dev/.static/dev/tty
    crw-rw-rw- 1 root root 1, 5 2006-05-31 03:15 /dev/.static/dev/zero
    crw-rw-rw- 1 root tty 3, 175 2006-06-05 00:00 /dev/tty*
    crw-rw-rw- 1 root root 5, 0 2006-06-04 23:21 /dev/tty
    crw-rw-rw- 1 root root 5, 2 2006-06-04 23:41 /dev/ptmx
    crw-rw-rw- 1 root root 1, 5 2006-06-05 00:00 /dev/zero
    crw-rw-rw- 1 root root 1, 9 2006-06-05 00:00 /dev/urandom
    crw-rw-rw- 1 root root 1, 8 2006-06-05 00:00 /dev/random
    crw-rw-rw- 1 root root 1, 7 2006-06-05 00:00 /dev/full
    -rw-rw-rw- 1 root root 0 2006-06-04 23:42 /proc/*/task/*/attr/current
    -rw-rw-rw- 1 root root 0 2006-06-04 23:42 /proc/*/task/*/attr/exec
    -rw-rw-rw- 1 root root 0 2006-06-04 23:42 /proc/*/task/*/attr/fscreate
    [...]
    drwxrwxrwt 10 root root 4096 2006-06-04 23:34 /tmp
    drwxrwxrwt 2 root root 4096 2006-06-04 23:00 /tmp/.X11-unix
    srwxrwxrwx 1 root root 0 2006-06-04 23:00 /tmp/.X11-unix/X0
    drwxrwxrwt 2 root root 4096 2006-06-04 23:01 /tmp/.ICE-unix
    srwxrwxrwx 1 uwe uwe 0 2006-06-04 23:01 /tmp/.ICE-unix/5253
    srw-rw-rw- 1 root root 0 2006-06-04 23:00 /tmp/.gdm_socket
    drwxrwxrwt 2 uwe uwe 4096 2006-06-04 23:01 /tmp/.esd-1000
    srwxrwxrwx 1 uwe uwe 0 2006-06-04 23:01 /tmp/.esd-1000/socket
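
The permission remark and the world-writable listing above, narrowed to the entries that need action, as an added example (not part of the original article): home directories that are not owner-only, and world-writable entries with sockets, device nodes and sticky directories filtered out. The function names and the scratch tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# scratch tree are assumptions made for illustration.

# Print home directories whose mode grants anything to group or other,
# i.e. the ones the article says "could use a chmod 700".
# $1 = root of the tree to inspect ("/" on a live system).
open_homes() {
    root=${1%/}
    for d in "$root/root" "$root"/home/*; do
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        mode=$(ls -ld "$d" | cut -c1-10)
        case $mode in
            d???------) ;;                        # owner-only, nothing to report
            *) printf '%s %s\n' "$mode" "$d" ;;
        esac
    done
}

# World-writable entries that deserve a look: regular files, and directories
# without the sticky bit. -xdev stays on one filesystem, which keeps /proc
# and a tmpfs-backed /dev out; sockets, device nodes and sticky directories
# such as /tmp are skipped by the type and sticky tests.
risky_world_writable() {
    find "${1:-/}" -xdev \( -type f -o -type d ! -perm -1000 \) \
        -perm -0002 -print 2>/dev/null | sort
}

# Constructed sample tree (not the article's system); prints its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/root" "$t/home/alice" "$t/home/bob" "$t/tmp" "$t/srv/drop"
    : > "$t/srv/notes.txt"; : > "$t/srv/ok.txt"
    chmod 755  "$t/root" "$t/home" "$t/home/bob" "$t/srv"
    chmod 700  "$t/home/alice"
    chmod 1777 "$t/tmp"
    chmod 777  "$t/srv/drop"
    chmod 666  "$t/srv/notes.txt"
    chmod 644  "$t/srv/ok.txt"
    printf '%s\n' "$t"
}

demo=$(make_demo_tree)
open_homes "$demo"
risky_world_writable "$demo"
rm -rf "$demo"
```

On a live system, run both functions with `/` as the argument and as root, so that unreadable directories are not silently skipped.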
    

That's it.

Comments, suggestions, flames?

Comments

good stuff

I like your articles about install exp. with the major linux distributions. May I give you a fingertip to kanotix which is not a major release but nevertheless worth taking a look at.
Imo Kanotix is the best debian-based non commercial linux distri out there.

Follow-up on installer comments

Thanks for the review.

The requirement for a full name was just something that hadn't occurred to me as a problem; I've removed that restriction for the next release.

For the partitioner slowness, I guess it depends whether this is the automatic or the manual partitioner you're talking about. I intend to rewrite the manual partitioner from scratch based on partman in the next release.

The lack of a bootloader question is a known bug that a number of people have filed, and I realise it sucks for complex setups. I didn't have time to add UI for this in 6.06, but I hope to do so for 6.10.

/root and /home/* permissions are deliberate, following Debian's adduser, but are easy enough to change on systems with untrusted local users where it might be a concern.

Ubuntu

Hi Colin, thanks for the comments and rationale!

The permissions are clear, I already guessed that's inherited from Debian... And yes, it's easy to fix it (as well as the forced real name field), it was just a comment.

All in all it's really impressive work, I especially liked (and was a bit surprised by at first) the Live CD feature.

Cheers, Uwe.