Web presence step by step Chapter 7: Configuring the SSH server on an Ubuntu Linux cloud server to limit SFTP directory visibility within chroot jail directories

Previous step: Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2
Next step: Chapter 8: Installing and configuring WordPress to create a website

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we configure the SSH server on an Ubuntu Linux cloud server to limit SFTP directory visibility within chroot jail directories.

This post assumes that you have performed the steps described in Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2.

Why would you want to limit a user to a chroot jail directory?

A web server can host multiple websites. You may want to give to a web contractor SFTP access for one of the websites hosted on the server, but also prevent that web contractor from viewing or modifying other files or directories on the server unrelated to the website.

We will configure the SSH server to limit each SFTP user to only be able to view or modify a specific directory and its subdirectories. The formal term for this kind of directory is “chroot,” short for “change root directory.”

In the preceding chapter, we created the usernames, specified their home directories, and specified the directory locations for websites. The directory structure, ownerships, and permissions we applied to each directory anticipated that the directories would later be configured as chroot jail directories.

A user cannot own its own home directory

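A user cannot own its own home directory when that directory is used as a chroot jail: the SSH server requires the chroot directory, and every directory above it, to be owned by root and not writable by any other user or group. A user can own a subdirectory within its home directory.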

Using the Digital Ocean cloud server web console instead of an SSH terminal program to connect to the cloud server

Normally, we interact with the Ubuntu Linux cloud server hosted at Digital Ocean by connecting with an SSH terminal program. However, since we are modifying the configuration of the SSH server itself, there is a chance we could break the SSH server and lock ourselves out. The Digital Ocean cloud server console provides terminal access to the Ubuntu Linux cloud server. We will use this console to modify the SSH server to implement chroot jail directories for each user.

Connect to the Digital Ocean site and log in. Click on the Droplet you created in Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean:

Click on “Console”:

Log in to the cloud server. Enter the commands:

cd /etc/ssh
cp sshd_config sshd_config.factory
nano sshd_config

This is what it looks like when you load the file in the nano editor:

A note about the example domain and a reminder that you should use your domain name in its place

Note: for clarity and narrative flow we are using the example domain linuxstepbystep.com but you should substitute your domain name as appropriate.

Go to the bottom of the file, and add the following blocks of text:

Match User comingsoon
        ChrootDirectory /usr/web/comingsoon
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
Match User linuxstepbystep_com
        ChrootDirectory /usr/web/linuxstepbystep_com
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

Enter the command:

systemctl restart sshd
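
The ownership rule described earlier and the Match blocks added to sshd_config can both be checked before the restart. The following script is an added example, not part of the original post: it reads the ChrootDirectory entries from a config file and applies the same ownership and mode test the SSH server applies at login. The function names, the OWNER_UID and TOP parameters, and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post: audit every ChrootDirectory
# in an sshd_config before restarting the SSH server.

# list_chroots CONFIG
# Print "user directory" for each ChrootDirectory line. Simplification: only
# "Match User <name>" blocks are recognised; any other ChrootDirectory line
# is printed with "-" as the user.
list_chroots() {
    awk '
        BEGIN { user = "-" }
        { key = tolower($1) }
        key == "match" { user = (tolower($2) == "user") ? $3 : "-"; next }
        key == "chrootdirectory" { print user, $2 }
    ' "$1"
}

# check_chroot_path DIR [OWNER_UID] [TOP]
# sshd refuses the session unless DIR and every directory above it is owned
# by root and not writable by group or others. OWNER_UID (default 0) and TOP
# (default /) are assumptions of this example, present only so the check can
# be tried on a scratch tree without root.
check_chroot_path() (
    dir=$1; owner=${2:-0}; top=${3:-/}; rc=0
    case $dir in
        /*) ;;
        *) echo "FAIL $dir: not an absolute path"; exit 2 ;;
    esac
    while :; do
        if [ -d "$dir" ]; then
            set -- $(stat -L -c '%u %a' "$dir")
            [ "$1" = "$owner" ] ||
                { echo "FAIL $dir: owner uid $1, expected $owner"; rc=1; }
            [ $(( 0$2 & 022 )) -eq 0 ] ||
                { echo "FAIL $dir: mode $2 is group/other writable"; rc=1; }
        else
            echo "FAIL $dir: not a directory"; rc=1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    exit "$rc"
)

# audit_chroots CONFIG [OWNER_UID] [TOP]
# Exit 0 only if every ChrootDirectory in CONFIG passes check_chroot_path.
audit_chroots() (
    conf=$1; owner=${2:-0}; top=${3:-/}; rc=0
    while read -r user dir; do
        [ -n "$dir" ] || continue
        case $dir in
            *%*) echo "SKIP $user: $dir contains a token, check it by hand"
                 continue ;;
        esac
        if check_chroot_path "$dir" "$owner" "$top"; then
            echo "OK   $user -> $dir"
        else
            rc=1
        fi
    done <<EOF
$(list_chroots "$conf")
EOF
    exit "$rc"
)

# Constructed sample: the layout from this series rebuilt under a temporary
# directory, owned by the current user instead of root so no sudo is needed.
demo() (
    t=$(mktemp -d) || exit 2
    mkdir -p "$t/usr/web/comingsoon/comingsoon" "$t/usr/web/linuxstepbystep_com"
    chmod 755 "$t" "$t/usr" "$t/usr/web" "$t/usr/web/comingsoon"
    chmod 775 "$t/usr/web/linuxstepbystep_com"   # deliberately group-writable
    printf 'Match User %s\n        ChrootDirectory %s\n' \
        comingsoon "$t/usr/web/comingsoon" \
        linuxstepbystep_com "$t/usr/web/linuxstepbystep_com" > "$t/sshd_config"
    audit_chroots "$t/sshd_config" "$(id -u)" "$t"
    rc=$?
    rm -rf "$t"
    exit "$rc"
)

# With a config path: audit it for real (root-owned, checked up to /).
# Without arguments: run the constructed demo, which reports one failure.
if [ "$#" -gt 0 ]; then
    audit_chroots "$@"
else
    demo || echo "demo: problems reported, as expected for the constructed sample"
fi
```

Run it as root with /etc/ssh/sshd_config as the argument, and also run `sshd -t` before `systemctl restart sshd`: `sshd -t` catches syntax errors in the file, while the ownership rule is only enforced when a user logs in.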

Obtaining the FileZilla file transfer program

Windows (client)

Warning re default “Download FileZilla” Client link for FileZilla for Windows

When downloading the Windows client from the FileZilla site, avoid the default “Download FileZilla Client” link, as it contains adware. Instead, click on the link “Show additional download options,” which is accessible via the following direct link. From this link, choose the option for “Windows 64bit x86”:

https://filezilla-project.org/download.php?show_all=1

MacOS (client)

From this link, choose the option for “MacOS X”:

https://filezilla-project.org/download.php?show_all=1

Ubuntu Linux (client)

If you are using Ubuntu Linux, you can install the FileZilla file transfer program with the command:

apt install filezilla

Fedora Linux (client)

If you are using Fedora or a related Red Hat system, you can install the FileZilla file transfer program with the command:

dnf install filezilla

Using the FileZilla file transfer program to connect to the cloud server

Complete the following fields. Click “Quickconnect”:

Host: your domain name
Username: linuxstepbystep_com
Password: (password)
Port: 22

Check the box “Always trust this host, add this key to the cache.” Click “OK”:

Note that the SFTP user is now limited to seeing the contents of its own directory. This means that if you have multiple websites on a server, the SFTP accounts that maintain those websites will not be able to view files or directories belonging to other websites or functions of the server:

Enter the subdirectory on the server to see the files and directories for the website:


Web presence step by step Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2

Previous step: Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1
Next step: Chapter 7: Configuring the SSH server on an Ubuntu Linux cloud server to limit SFTP directory visibility within chroot jail directories

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we do advanced configuration on an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server.

A note re MySQL and MariaDB

A few years ago, the company that owned MySQL was purchased by Oracle. The open source code was legally “forked” into a project called MariaDB. When this document refers to “MySQL,” it is actually referring to the MariaDB descendant of the MySQL database engine, made possible by the terms of the GPLv2 open source software license. Notice that to maintain compatibility with existing software, the command to invoke MariaDB on the command line is “mysql.”

This post assumes that you have performed the steps described in Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1.

Configuring the Linux Apache MySQL PHP (LAMP) web server

In the previous chapter, Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1, we used apt to install the meta-package “lamp-server,” which installs the components for a basic Linux Apache MySQL PHP (LAMP) web server. In this chapter we configure the components.

Installing MPM-ITK

We need to install MPM-ITK, which allows the web server to execute programs under different usernames. This means that if a website has a security issue, the damage is limited to that website’s directory: other websites and the host server should remain unaffected.

Enter the command:

apt install libapache2-mpm-itk

Configuring MySQL

The MySQL database server has been installed, but must be configured.

Enter the command:

mysql_secure_installation

Testing the MySQL server

Let’s test the MySQL server. Enter the command:

mysql -u root -p

Enter the password you specified during the MySQL configuration step.

Enter the command:

show databases;

You will see a list similar to the following. Enter the command:

exit

Testing that the web server is able to run PHP scripts

Let’s test that the web server is able to run PHP scripts.

Enter the commands:

cd /var/www/html
nano phpinfo.php

Enter the following text in the nano editor. Save and exit the file:

<?PHP

phpinfo();

Use a web browser to load your domain name, followed by /phpinfo.php, as in:

linuxstepbystep.com/phpinfo.php

If you are successful, a page similar to the following should appear:

Configuring the Apache web server

Enter the commands:

cd /etc/apache2
cp apache2.conf apache2.conf.factory
nano apache2.conf

Use the control-w command to search for the text “<directory”:

This is what it looks like when you find the section:

Insert a block with the following text:

<Directory /usr/web/>
        AllowOverride All
        Require all granted
</Directory>

Creating the users, directories, and documents for the websites

Enter the command:

adduser --home /usr/web/comingsoon comingsoon

Enter and confirm a password for the user. Answer the prompts for additional information. When asked: “Is the information correct?” enter “y” for yes:

Enter the commands:

mkdir -p /usr/web/comingsoon/comingsoon
cd /usr/web/comingsoon/comingsoon
nano index.php

Enter the following text in the nano editor. Save and exit the file:

<?PHP

echo "<p>coming soon</p>\n";

Enter these commands. Note that each “chown” and “chmod” command should be on its own line:

chown -R root:root /usr/web/comingsoon
chown -R comingsoon:comingsoon /usr/web/comingsoon/comingsoon
chmod -R 755 /usr/web/comingsoon/comingsoon

A note about the example domain and a reminder that you should use your domain name in its place

Note: for clarity and narrative flow we are using the example domain linuxstepbystep.com but you should substitute your domain name as appropriate.

Enter this command (all on the same line):

adduser --home /usr/web/linuxstepbystep_com linuxstepbystep_com

Enter the commands:

mkdir -p /usr/web/linuxstepbystep_com/linuxstepbystep.com
cd /usr/web/linuxstepbystep_com/linuxstepbystep.com
nano index.php

Enter the following text in the nano editor. Save and exit the file:

<?PHP

echo "<p>linuxstepbystep.com</p>";

Enter these commands. Note that each “chown” and “chmod” command should be on its own line:

chown -R root:root /usr/web/linuxstepbystep_com
chown -R linuxstepbystep_com:linuxstepbystep_com /usr/web/linuxstepbystep_com/linuxstepbystep.com
chmod -R 755 /usr/web/linuxstepbystep_com/linuxstepbystep.com

Creating the virtual hosts for the websites

cd /etc/apache2
mv sites-available sites-available.factory
mkdir -p /etc/apache2/sites-available
cd /etc/apache2/sites-available

Enter the command:

nano 000.comingsoon.conf

Enter the following text in the nano editor. Save and exit the file:

<VirtualHost *:80>
<IfModule mpm_itk_module>
        AssignUserID comingsoon comingsoon
</IfModule>
ServerName comingsoon
DocumentRoot /usr/web/comingsoon/comingsoon
ServerAdmin info@linuxstepbystep.com
CustomLog /var/log/apache2/comingsoon-access_log combined
ErrorLog /var/log/apache2/comingsoon-error_log
</VirtualHost>

Enter the commands:

a2ensite 000.comingsoon.conf
nano 004.linuxstepbystep.com.conf

Enter the following text in the nano editor. Note the screen capture: the line starting with “AssignUserID” should be all on the same line. Save and exit the file:

<VirtualHost *:80>
<IfModule mpm_itk_module>
        AssignUserID linuxstepbystep_com linuxstepbystep_com
</IfModule>
ServerName linuxstepbystep.com
ServerAlias www.linuxstepbystep.com
DocumentRoot /usr/web/linuxstepbystep_com/linuxstepbystep.com
ServerAdmin info@linuxstepbystep.com
CustomLog /var/log/apache2/linuxstepbystep.com-access_log combined
ErrorLog /var/log/apache2/linuxstepbystep.com-error_log
</VirtualHost>

Enter the command:

a2ensite 004.linuxstepbystep.com.conf

Enter the command:

systemctl restart apache2
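
MPM-ITK only isolates the sites from each other if every virtual host names its own user and that user owns the DocumentRoot. The following script is an added example, not part of the original post, that checks this for a set of virtual host files; the function names and the demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post: check that every Apache
# virtual host runs under its own user and that this user owns the site files.

# list_vhosts FILE...
# Print "servername user documentroot" per <VirtualHost> block, with "-" for
# a missing directive. Simplification: one directive per line, no Include.
list_vhosts() {
    awk '
        { key = tolower($1) }
        key ~ /^<virtualhost/   { name = "-"; user = "-"; root = "-"; next }
        key == "servername"     { name = $2 }
        key == "assignuserid"   { user = $2 }
        key == "documentroot"   { root = $2; gsub(/"/, "", root) }
        key ~ /^<\/virtualhost/ { print name, user, root }
    ' "$@"
}

# audit_vhosts FILE...
# Exit 0 only if every vhost has AssignUserID, no two vhosts share a user,
# and each DocumentRoot is owned by the user its vhost runs as.
audit_vhosts() (
    rc=0; seen=" "
    while read -r name user root; do
        [ -n "$name" ] || continue
        if [ "$user" = "-" ]; then
            echo "FAIL $name: no AssignUserID, runs as the default Apache user"
            rc=1
            continue
        fi
        case $seen in
            *" $user "*)
                echo "FAIL $name: user $user is shared with another vhost"
                rc=1 ;;
        esac
        seen="$seen$user "
        owner=$(stat -L -c '%U' "$root" 2>/dev/null) || owner="?"
        if [ "$owner" = "$user" ]; then
            echo "OK   $name: $root owned by $user"
        else
            echo "FAIL $name: $root owned by $owner, vhost runs as $user"
            rc=1
        fi
    done <<EOF
$(list_vhosts "$@")
EOF
    exit "$rc"
)

# Constructed sample: two vhost files in a temporary directory. The first
# follows the pattern from this chapter (with the current user standing in
# for the site user); the second has lost its AssignUserID line.
demo() (
    t=$(mktemp -d) || exit 2
    mkdir -p "$t/comingsoon" "$t/linuxstepbystep.com"
    me=$(stat -c '%U' "$t")
    cat > "$t/000.comingsoon.conf" <<EOF
<VirtualHost *:80>
<IfModule mpm_itk_module>
        AssignUserID $me $me
</IfModule>
ServerName comingsoon
DocumentRoot $t/comingsoon
</VirtualHost>
EOF
    cat > "$t/004.linuxstepbystep.com.conf" <<EOF
<VirtualHost *:80>
ServerName linuxstepbystep.com
DocumentRoot $t/linuxstepbystep.com
</VirtualHost>
EOF
    audit_vhosts "$t"/*.conf
    rc=$?
    rm -rf "$t"
    exit "$rc"
)

# With file arguments: audit them. Without arguments: run the constructed
# demo, which reports one failure.
if [ "$#" -gt 0 ]; then
    audit_vhosts "$@"
else
    demo || echo "demo: problems reported, as expected for the constructed sample"
fi
```

On the server from this chapter, run it with /etc/apache2/sites-available/*.conf as the arguments.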

Testing the web server to see whether it can host separate virtual hosts (multiple websites)

The objective of this test is to display different text for each host name we enter in the web browser’s address bar.

Enter your domain name in a web browser’s address bar:

Enter the IP address of your cloud server in the web browser’s address bar. This is to test whether the default “park page” is active. This page will be displayed if a host name is pointed at the IP address of the cloud server, but the cloud server’s web server has not yet been configured with a virtual host profile for that host name.

Installing SSL Encryption with Let’s Encrypt

Enter the following command:

apt install certbot python3-certbot-apache

Do you want to continue?

Enter “y” for yes:

Enter the command:

certbot --apache

Enter an email address:

Please read the Terms of Service at

Enter “a” for agree

Would you be willing to share your email address

Enter “no” for no

Which names would you like to activate HTTPS for?

Leave the input blank and press Enter:

Please choose whether or not to redirect HTTP traffic to HTTPS

Enter “2” then press Enter:

Enter the command:

systemctl restart apache2

Enter your domain name in a web browser’s address bar.

Notice the little lock symbol to the left of the host name. Click on the lock symbol, then click on Certificate. View the certificate’s details:


Web presence step by step Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1

Previous step: Chapter 4: Using an SSH terminal program to connect to an Ubuntu Linux Cloud Server
Next step: Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we configure a basic Linux Apache MySQL PHP (LAMP) web server and test the IP address for reputation.

A note re MySQL and MariaDB

A few years ago, the company that owned MySQL was purchased by Oracle. The open source code was legally “forked” into a project called MariaDB. When this document refers to “MySQL,” it is actually referring to the MariaDB descendant of the MySQL database engine, made possible by the terms of the GPLv2 open source software license. Notice that to maintain compatibility with existing software, the command to invoke MariaDB on the command line is “mysql.”

Installing a basic web server to test the reputation of the IP address

Sometimes, a cloud service provider will recycle an IP address with a troubled history and give you a server that has a “dirty” IP address that is blacklisted. In order to test the server’s IP address to make sure it is not blacklisted, we have to do a basic web server setup.

In order to do a basic web server setup, we will have to connect to the Ubuntu Linux cloud server with an SSH terminal program.

We will use an SSH terminal program to connect to the cloud server, and create a basic web server to test the IP address. If the IP address is blacklisted, we will simply destroy the cloud server and try again, getting a new IP address which we will test. Once we have a successful test, we can proceed to advanced web server setup in Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2.

Connecting to the Ubuntu Linux cloud server with an SSH terminal program

(Note: this post assumes that you have read the preceding Chapter 4: Using an SSH terminal program to connect to an Ubuntu Linux Cloud Server, or you are familiar with SSH terminal programs.)

Use an SSH terminal program to connect to the IP address of the cloud server that you created in Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean:

This is what a successful login looks like:

While we are here, we will add a second user to the server. Enter the command:

adduser desktop

Add the user to the sudo group. Enter the commands:

cd /etc
nano group

Go to the line starting with sudo and add the desktop user after the colon:

Enter the commands:

apt clean
apt update

Enter the command:

apt upgrade

When prompted, enter y for yes, and press Enter:

If you see a question like this, accept the default. In this case, n for no and press Enter:

Enter the commands:

ufw allow 80/tcp
ufw allow 443/tcp
apt install net-tools iptraf-ng

Enter the command:

reboot

Use an SSH terminal program to connect to the Ubuntu Linux cloud server. Enter the command:

apt-get install lamp-server^

When prompted, enter y for yes, and press Enter:

This is what it looks like when the install finishes:

Testing the IP address of the Ubuntu Linux cloud server

Use a web browser to visit the IP address of the Ubuntu Linux cloud server.

If you get a warning like this, the IP address you have been assigned has a bad reputation. If this happens for you, use the Digital Ocean control panel to destroy the cloud server, then try again.

If you get a message like this, it means that the IP address you have been assigned has a good reputation. This means that we can proceed with the rest of the build:

Associating a host name with an IP address in DNS

Visit the Digital Ocean site. Click on the IP address of the cloud server to copy it to the clipboard:

Visit the GoDaddy site. Click on “Manage All”:

Click on “DNS”:

Click on “Manage Zones”:

Search for your domain name:

This is the DNS Zone file for your domain name. It tells the Internet where to point requests for email and your website:

Click on the edit icon for the A record for the Name “@”

Enter the IP address for your Ubuntu Linux cloud server.
Specify a TTL of 1/2 hour.
Click save.

Note the CNAME record:

CNAME www @ 1 Hour

A CNAME, or “canonical name,” is a nickname for a host. It means that www.yourdomainname.com will point to the IP address set for yourdomainname.com.

GoDaddy populates a DNS zone file with this CNAME record by default. We are discussing this because you need to know this much about DNS zone files and domain names if you want to run a web server.


Web presence step by step Chapter 4: Using an SSH terminal program to connect to an Ubuntu Linux cloud server

Previous step: Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean
Next step: Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we learn how to use an SSH terminal program to connect to an Ubuntu Linux cloud server.

Windows

Visit this link to download the KiTTY SSH terminal program for Windows:

https://fosshub.com/KiTTY.html

Click on “Got it!” to remove the message at the bottom. Click on “DOWNLOAD KiTTY Windows classic”:

In the lower-left of your browser, right-click on the name of the downloaded file. Select “Show in folder”:

Right-click on kitty program. Click “Open”:

Un-check the box “Always ask before opening this file.” Click “Run”:

Host Name (or IP address): enter the IP address of your cloud server
Port: 22
Connection type: SSH
Saved Sessions/New Folder: enter the IP address of your cloud server

Click Save. Click Open:

The following warning appears. Click Yes:

A terminal window appears. This is what it looks like after you log in:

MacOS

From Finder, go to Applications. From the Applications folder, double-click on Utilities:

Scroll down and locate the Terminal application. Double-click to start Terminal:

A Terminal window appears:

From this window, enter the command: ssh root@ipaddressofyourcloudserver, substituting the IP address of your cloud server. This is what it looks like after you log in:

Linux

There are 2 ways to launch the Terminal program under Linux.

Opening a Terminal session by right-clicking on the desktop

Right-click on the desktop. Select “Open in Terminal”:

A Terminal window appears:

Opening a Terminal session by clicking “Show Applications”

Click on the icon in the lower-left of your desktop to “Show Applications.” Scroll down to find the terminal program,

or enter the word “terminal” in the box “Type to search”:

A Terminal window appears:

From this window, enter the command: ssh root@ipaddressofyourcloudserver, substituting the IP address of your cloud server:

This is what it looks like after you log in:


Web presence step by step Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean

Previous step: Chapter 2: Buying branded email from Gmail
Next step: Chapter 4: Using an SSH terminal program to connect to an Ubuntu Linux cloud server

Web presence step by step is a series of posts that will show you how to build a web presence.

In this post, we buy an Ubuntu Linux cloud server from Digital Ocean.

Connecting to the Digital Ocean site

Visit the Digital Ocean site. Create an account, or login to an existing account.

Click on “Create,” click on “Droplets”:


“Choose an image”: Ubuntu 20.04 (LTS) x64
“Choose a plan”: Shared CPU Basic

Click to select the option for “$5/mo”: (NOTE: this has recently changed to “$6/mo”)

Scroll down.

“Choose a datacenter region”: choose a region.
“Authentication”: click to select the option “Password.”
“Create root password”: enter a password.

Scroll down.

“Choose a hostname”: enter a hostname. This should be in the format servername.yourdomain.com
“Add backups”: Click to select the option “Enable backups.”

Click Create Droplet:

For a few seconds, you can watch a progress bar as the cloud server is being created:

Take note of your new cloud server’s IP address.

Tip: If you move your mouse pointer over the IP address, you will see the word “copy.” You can click on the IP address to copy the IP address for the cloud server to the clipboard.


Web presence step by step Chapter 2: Buying branded email from Gmail

Previous step: Chapter 1: Buying a domain name from GoDaddy
Next step: Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we set up branded email for the domain we registered in Chapter 1: Buying a domain name from GoDaddy, using Google Workspace, formerly Gmail for Business.

Google actually starts you with Workspace Business Standard for C$15/mo (US$12/mo). At the end of this procedure, we will downgrade to Workspace Business Starter for C$7/mo (US$6/mo).

(In later chapters, we will build out our website capabilities with other vendors.)

Start by logging into the GoDaddy account you used to register a domain in Chapter 1: Buying a domain name from GoDaddy. This will help the Google Workspace control panel to communicate with GoDaddy later in this procedure.

Visit the Google Workspace site. Click Get Started:

Under Business name, enter the name of your business. If you are not sure, enter the name of your domain as the business name. Under “Number of employees, including you,” choose “Just you” for now. You will be able to add other accounts later. Click “Next”:

Enter “First name,” “Surname,” and “Current email address.” Click “Next”:

Click on “Yes, I have one that I can use”:

Enter “Your domain name”
Click Next:

Click “Next”:

Click “No, thanks”:

Click “No, thanks”:

Enter values for “Username” and “Password.” If you are not sure, use “info” as the “Username.” Click “Agree and continue”:

Click “Next”:

Enter information for “Name and address,” “Payment method.” Click “Next”:

Click “Continue to setup”:

Click “Next”:

Click “Activate”:

Click “Sign in to activate”:

Click “Connect”:

Google Workspace will attempt to connect to GoDaddy to set up email for the domain using the GoDaddy DNS servers:

Sometimes, the connection between Google Workspace and GoDaddy times out. If this happens, try again by clicking on “Sign in to activate”:

Google Workspace shows this screen if Gmail is activated for the domain. Since we do not want to create any more new users, click “or skip for now”:

The following screen is shown.

Visit Gmail and log in to the email account you created, for example info@domain.com:

Send a test email message to an email account you control:

Verify that you have received the test message in the email account you control. Reply to the test message:

From Gmail, verify that you have received the reply to the test message:

Visit the GoDaddy site so we can examine the MX and TXT records in the DNS zone file for your domain:

Click on the icon for your account in the upper-right corner of the site. Click on “My Products”:

Click on the “DNS” tab:

On the DNS tab’s pull-down menu, click on “Manage Zones.” Search for your domain name:

This screen shows the DNS zone file information for the domain. MX is short for Mail eXchanger. TXT is short for text comment, but TXT records are used for security tokens and email subsystems like SPF and DKIM.

Visit the Google Workspace admin site. Click Accept:

On the left-side menu, hover over “Billing,” then click on the sub-option “Get more services”:

In the rectangle labeled “Google Workspace Business Starter,” click “Downgrade”:

Click “Checkout”:

Click “Place order”:

Google will present the following screen:


Web presence step by step Chapter 1: Buying a domain name from GoDaddy

Next step: Chapter 2: Buying branded email from Gmail

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we register a domain name with GoDaddy, a domain name registrar.

Make sure that you select private registration. Skip the offers for email and website builders. Use the default name servers (DNS servers) provided by GoDaddy.

(In later chapters, we will build out our email and website capabilities with other vendors.)

Create an account or sign in to an existing GoDaddy account:

Enter the name of the domain you would like:

Choose “Full Domain Privacy & Protection.” Do not select “Start your website for FREE.” Do not take optional email services under “Create an email address that matches your domain.” Click “Continue to Cart”:

Click “Checkout”:

Click “View Domain Settings”:

Click “Complete setup”:

Select “SMS text messages.” Click Continue:

Enter the code sent by SMS text. Click “Next”:

Click “View Domain Settings”:

From the DNS menu, select “Manage Zones”:

For now, just look. This is your DNS control panel.

You will use the GoDaddy DNS servers to control your domain in later steps.


Fedora 33 broke my UEFI boot

Recently, I read that a kernel update in Fedora 32 had resolved a problem with HDMI audio and Nouveau video drivers (https://bugzilla.kernel.org/show_bug.cgi?id=207223). My plan was to use the “live” distribution of Fedora 33 to test HDMI audio. I burned a USB stick, and tried to boot. “Selected boot image did not authenticate.” Worse still, the UEFI order in my motherboard was changed: the system booted to Windows. I had to use a UEFI utility to change my UEFI boot device order to restore the multiple-boot menu offering a choice between Linux and Windows.

Live distributions should be safer than this

Live distributions are supposed to be a safe way to evaluate an operating system. Now I cannot recommend that somebody try a Fedora USB stick until I have tested that version.

UEFI is important

I use UEFI/Secure Boot on my laptops because it enables multiple-boot menus with grub2. This allows me to see a menu at boot time offering a choice between Linux and Windows. UEFI is also important because some modern systems like NVMe drives require UEFI.

The worst part is… they knew

https://bugzilla.redhat.com/show_bug.cgi?id=1883609#c73

Adam Williamson 2020-10-22 21:42:08 UTC

“To clear up blocker status here: after FESCo retracted it as a FESCo blocker – see https://bugzilla.redhat.com/show_bug.cgi?id=1883609#c66 – this was voted on under the normal criteria process in the Go/No-Go meeting today:

https://meetbot-raw.fedoraproject.org/fedora-meeting-1/2020-10-22/f33-final-go_no_go-meeting.2020-10-22-17.00.log.html

and rejected as a blocker more or less on the grounds that the majority of voters didn’t think enough people would run into it before Fedora 34 release, and that we can potentially release a subset or full set of rebuilt/updated images at some point during the 33 cycle if it is considered necessary.

Our current best understanding is that Ubuntu was shipping the DBX update to users (whether all or some subset) at some point but has now stopped doing that, and Microsoft will not ship the DBX update until Q2 2021.”

Linux, Bluetooth, and sound

Linux can provide a fast, secure, and modern desktop computing experience. However, Bluetooth audio on Linux sucks.

Bluetooth audio cuts out intermittently

If you experience 1 second gaps of silence approximately every 300 seconds of Bluetooth audio playback, this post may help you.

Try adding this line to the /etc/modprobe.d/alsa-base.conf file

sudo su
cd /etc/modprobe.d
nano alsa-base.conf

Add this line:

options snd-hda-intel model=generic

Save and exit, then reboot.

Can you use a wire instead?

A dear friend, of the same generation that refers to “Walkman jacks,” first helped solve this problem for audio at work from my personal laptop: by gifting a sound bar that can plug into an actual 1/8″ analog audio headphone jack.

(My friend also sent a USB-C plug to 1/8″ analog audio jack adapter, which I do not yet need, but have packed into my accessories bag, for use in the near future, when my next laptop will have even fewer ports.)


No Bluetooth microphone support for Linux

There are technical and historical reasons for why there is no Linux driver support for Bluetooth microphones. My suggestion is to invest in a wired USB headset. Logitech is a safe choice.

Experimenting with Linux as a desktop operating system

There are several ways to experiment with Linux as a desktop operating system without making a full commitment to re-formatting your laptop, or giving up access to Windows. This post aims to provide ideas and a roadmap for a current Windows consumer considering a switch to desktop Linux, but unsure how or where to start.

Links for Ubuntu and Fedora distributions

https://releases.ubuntu.com/20.10/

https://getfedora.org/en/workstation/download/

There are many distributions of desktop Linux. I suggest you start with Ubuntu or Fedora.

Running Linux as a live desktop boot on a USB stick

The live version of Linux on a USB stick is useful to test the hardware on your laptop, and to get an idea of how a Linux distribution feels hands-on. The interface on Mint, for example, is quite different from the Gnome 3 desktop experience on Fedora and Ubuntu.

An example: the boot screen of a “live” distribution of Ubuntu. If you click “Try Ubuntu” the operating system will run using the USB stick as its storage.

The live version of Linux on a USB stick is impractical for day-to-day use.

(If your laptop’s SATA controller is configured for RAID mode, you will still be able to boot the live operating system from the Linux installer on a USB stick. However, you will not be able to read files on the Windows hard drive, or install Linux to the hard drive. See below for more details regarding SATA drive controllers, RAID mode, and AHCI mode.)

Running Linux as a virtual machine (VM) guest under VMware Workstation Player Free for Windows

VMware Workstation Player Free for Windows is proprietary software, but is available free of charge for personal, non-commercial use. This software offers good performance and a smooth experience.

https://www.vmware.com/ca/products/workstation-player/workstation-player-evaluation.html

Running Linux on an older, secondary machine

On average, people upgrade their personal laptop every 5 years. If you buy a new laptop, consider backing up your old laptop, then reformatting the old laptop with Linux. The old machine will get a new lease on life: Linux will run faster than Windows on the same hardware. This approach allows you to experiment with Linux without committing yourself.

Checking the SATA drive controller mode in BIOS: RAID vs AHCI

(Warning: Windows partition will be unusable after changing SATA mode to AHCI, do your backup first!)

If you intend to format a computer with Linux, you need to go into the BIOS and change the SATA drive controller from RAID mode to AHCI mode.

Go into the BIOS of the laptop by pressing F2 during bootup, and change the SATA controller mode from RAID to AHCI.

Many howtos on creating multiple-boot between Windows and Linux are now obsolete

Many of the existing howtos describing how to create a multiple-boot between Windows and Linux are now obsolete. In the past 3 years, laptop motherboards have been shipping with the SATA hard drive controller set by default to RAID instead of AHCI. Changing the SATA controller mode from RAID to AHCI renders an existing Windows installation unusable. These howtos rely on resizing an existing Windows partition to create unallocated space for a Linux install. There is, however, little point in preserving a broken Windows installation.

Formatting a computer with Windows and Linux in dual-boot mode

It is possible to install Windows and Linux in a multiple-boot configuration. However this requires backing up the unique data (documents and other unique files) from the existing Windows installation, changing the SATA controller mode, doing a fresh baremetal Windows install on part of the drive space, and doing a fresh baremetal install of Linux on another part of the drive space.

Checking whether a system is set for UEFI or Legacy/BIOS mode

Check the laptop’s BIOS to determine whether the system is set for UEFI or Legacy/BIOS mode. If the system is in Legacy/BIOS mode, change the setting to UEFI mode. This will be needed later, when the Linux installer creates a multiple-boot menu using grub2.

Installing the Windows baremetal partition

Rufus ISO utility

Rufus is an ISO burning utility:


https://rufus.ie/

Downloading a fresh ISO of Windows 10 from Microsoft

https://www.microsoft.com/en-ca/software-download/windows10ISO

Use Rufus, and specify partition type GPT and target system UEFI-CSM. Burn the USB stick.

Run the Windows installer. Destroy all existing partitions. Then, install Windows in a 200GB partition, but leave the rest of the drive space as “unallocated space.”

Downloading a fresh ISO of Ubuntu 20.04LTS Linux

https://releases.ubuntu.com/20.04/

Use Rufus, and specify partition type GPT and target system UEFI-CSM. Burn the USB stick.

Run the Ubuntu Linux installer. Let the installer use the remaining “unallocated space” on the hard drive.

Linux will install with a multiple-boot menu

Linux will also install a multiple-boot menu that appears when you start the computer. By default, Ubuntu Linux will boot first, but you can choose Windows as the boot within 10 seconds.

Consider Running Windows as a virtual machine (VM) guest under KVM/qemu on a Linux desktop

See my presentation on this subject: