23.04.2010

Ctrl-Alt-Backspace

This is nothing You won't find easily with Google, but for convenience it's here, too:
By default, the Ctrl-Alt-Backspace key combo does... nothing. In order to have it kill the X server (that's what it used to do in the good ol' times), simply use the GNOME menu and go to "System"->"Preferences"->"Keyboard"->"Layout"->"Options..."->"Key sequence to kill the X server" and mark the entry.
That's it! You're done (already)!

UPDATE: There is a key in the gconf database which controls this behaviour. The preferences set this key. However, changing the value of the key for the gdm user does not enable Ctrl-Alt-Backspace during the login screen.
A workaround is to just use Alt-SysRq-K (Secure Access Key) instead of Ctrl-Alt-Backspace. The effect in GDM/GNOME is the same, as the SAK combo kills every process on the active tty.

19.04.2010

Smartcards and SSH

The standard openssh packages shipped with Ubuntu 10.04 provide no support for smartcards. In order to get either the ssh-agent or ssh itself to accept a smartcard (such as the Aladdin eToken), I needed to recompile the whole package. I have no idea why the developers included no apparent support for smartcards in the distribution; installing the necessary packages doesn't make it possible to use them in any application I know.
Here's how to get support for smartcards in openssh:
  1. Set up a directory to download and compile the sources in.
  2. If You haven't already, make sure the "Source code" checkbox is checked in software-properties-gtk or that You have the right deb-src lines in Your /etc/apt/sources.list. After doing so, don't forget to execute apt-get update to update the package lists.
  3. Install all the required packages:
    Code:
    $ apt-get install build-essential libopenct1 libopensc2 libopensc2-dev openct opensc
    $ apt-get build-dep openssh
    In order to be able to use opensc as a normal user, You have to add Your regular account to the scard user group:
    Code:
    $ adduser <username> scard
    You might have to start a new shell/terminal or even log out and back in to apply the change.
  4. Now download the package into the directory You created. You can do this as an unprivileged user (I would recommend doing so). Change into the directory and execute:
    Code:
    $ apt-get source openssh
    You should now have 2 .tar.gz files, 1 .dsc file and a source directory named openssh-<version number>. Change into the directory.
  5. Make sure openssh will be compiled with smartcard support. In the debian subdirectory, there's a file named rules. This file specifies what options are passed to configure when the package is compiled. Edit the file and insert the following line:
    Code:
    confflags += --with-opensc
    The best place would be after the first block of confflags += ... statements, titled "Common build options.", as it's essential to insert it before the line saying
    Code:
    confflags_udeb := $(confflags)
  6. Now You can compile the package. Make sure You are in the source code root directory (openssh-<version number>) and execute
    Code:
    $ debuild -us -uc
    This will build the package without signing the package itself or the .changes file.
  7. If You now go back into the directory You created (it should be one level above Your current directory), You should see several new .deb packages. Install these (for this You need root access again):
    Code:
    $ dpkg -i *.deb
  8. You're almost done. If you use GNOME, You need to stop the gnome-keyring from breaking Your ssh-agent. Doing this from command line is a pain in the arse, so just use the "Startup Applications" menu entry under "System"->"Preferences". Use the tool to disable the "SSH Key Agent". If You don't use GNOME, You just wasted Your time reading this step.
  9. Now log out and back in to make sure Your ssh-agent is killed. If You don't use GNOME, You also need to make sure it is running at all (most desktop managers start it automatically, but if You only use a console, You need to configure it Yourself).
  10. You should now be able to list the smartcard devices with
    Code:
    $ opensc-tool -l
    Ignore any error messages that might appear; it should still work just fine. Two "OpenCT reader (detached)" entries will appear by default, and if You plugged in a smartcard, it should show up as such. Use
    Code:
    $ ssh-add -s0
    (or substitute 0 with the reader number if it is different) to add Your private key to the ssh-agent.
One last note: Upon upgrading the openssh packages, You need to do all this again, of course.
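Because the whole procedure has to be repeated after every openssh upgrade, the edit from step 5 is worth scripting. The following is an added example, not part of the original post: it places the flag directly before the confflags_udeb := $(confflags) line, does nothing if the flag is already present, and refuses to edit a file where that line is missing. The function names and the sample rules content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): insert the smartcard configure
# flag into debian/rules ahead of the confflags_udeb assignment (step 5).

FLAG='confflags += --with-opensc'
ANCHOR='confflags_udeb := $(confflags)'

add_opensc_flag() {
    rules=$1
    [ -f "$rules" ] || { echo "no such file: $rules" >&2; return 2; }

    # Already patched (e.g. script run twice): leave the file alone.
    if grep -qxF "$FLAG" "$rules"; then return 0; fi

    # Without the anchor line there is no known-safe position; do not guess.
    if ! grep -qxF "$ANCHOR" "$rules"; then
        echo "anchor line not found in $rules" >&2
        return 1
    fi

    tmp=$(mktemp) || return 2
    # Print the flag once, immediately before the first anchor line.
    if awk -v flag="$FLAG" -v anchor="$ANCHOR" '
            $0 == anchor && !done { print flag; done = 1 }
            { print }' "$rules" > "$tmp"; then
        # Overwrite in place so debian/rules keeps its executable bit.
        cat "$tmp" > "$rules"
    fi
    rm -f "$tmp"
    # Succeed only if the flag really is in the file now.
    grep -qxF "$FLAG" "$rules"
}

# Constructed sample of the relevant part of debian/rules, for a dry run.
write_sample_rules() {
    printf '%s\n' '# Common build options.' \
        'confflags += --with-pam' \
        'confflags += --with-libedit' \
        '' \
        "$ANCHOR" \
        'confflags_udeb += --without-pam' > "$1"
}

# Usage: sh add-opensc-flag.sh debian/rules
if [ "$#" -gt 0 ]; then add_opensc_flag "$1"; fi
```

Run it from the source root (openssh-<version number>) before step 6, then check the result with grep -n confflags debian/rules.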

That's it! You're done!

17.04.2010

New Ubuntu themes and button positions

Ubuntu 10.04 looks neat. That is, except for the position of the window control buttons (minimize, maximize, close). Probably they thought something like "Hey, if Apple does it this way, it must be good!" and placed the buttons on the left side of the window title bar.
This sucks if You don't have a Mac and aren't used to it.
Fortunately, there's a way to "simply" change the position. It involves (once again) GConf.
Either use gconftool or the gconf-editor to access the key:
Code:
/apps/metacity/general/button_layout
If You're using gconftool - the key is of type string.
You can set the key to order the buttons in almost any way you want. Just specify the order in which the items should appear in the window title bar:

menu - a button for the window menu (the menu You get when You right-click the title bar)
: (colon) - the window title (will be placed at the end if omitted)
minimize, maximize, close - the respective button

The default is "close,minimize,maximize:" and the default in earlier distributions was "menu:minimize,maximize,close".
In case You just want back the good old layout, here's the command line:
Code:
$ gconftool -t string -s /apps/metacity/general/button_layout "menu:minimize,maximize,close"
That's it! You're done!

No asterisks for passwords in gdm login window!

The GNOME Display Manager was extensively customisable - until it got rewritten. Now it's a pain in the arse to change anything about the login mask. There are 2 things that I wanted to change and I finally managed to do so.
  1. Disable the user album. One disadvantage of the user album is that everyone can see which users exist on the computer - this might be a security concern. Another issue is that it's impossible to log in as root.
    As this setting is saved in the gconf-tree, You need to edit that. The graphical gconf-editor didn't work for me, but using the command line is faster anyway (if you know what to enter, of course):
    Code:
    $ sudo -u gdm gconftool -t bool -s /apps/gdm/simple-greeter/disable_user_list true
    If You're asked for gdm's password, try executing the command as root (still with sudo -u gdm, of course).
  2. The other issue is related to the password entry in the gdm login window. When entering the password, a black circle is displayed for every letter. This makes it possible for everyone looking to observe Your password length. To change it, You need to edit the .ui file of the simple-greeter application. Its location is:
    Code:
    /usr/share/gdm/gdm-greeter-login-window.ui
    Search for the line
    Code:
    <object class="GtkEntry" id="auth-prompt-entry">
    This seems to be some GTK data describing the user/password entry field in the login window. Following that line there's a list of <property> entries. At the end of the list, insert the following line:
    Code:
    <property name="invisible_char">&#x200B;</property>
    This sets the character which is displayed instead of the typed letters to the Unicode character U+200B, which is the zero-width space character, effectively hiding anything You type into the password field. You can also set the character to anything else You like - at least any Unicode character. Using non-existent characters like 0000, however, will break Your gdm, as the gdm-greeter-login-window will fail and will not be displayed, disabling the ability to log in via gdm.
That's it! You're done!

Ubuntu's sudo policy

UPDATE: I don't recommend following the guide in this post any longer. It can lead to unwanted behaviour (regular users can't reboot or shut down the computer, only root can do so by using a console). A friend pointed out that as You are probably using Ubuntu as a desktop or laptop OS (There are way better distros to use as a server OS than Ubuntu!), the crucial data on the machine will probably be Your personal data (and not the system files). If someone cracks Your user account, You're screwed. If that person now gains root access by using Your user account, he doesn't gain anything.

Yay, f1rst post!
Ubuntu is quite a fine distribution, but I don't like their sudo policy. It's like Windows' administrator policy, giving a regular user full control of the system. Linux used to have a dedicated root user for changing the system's configuration. And I want it back that way.
If You think the same, there are basically 3 things You need to do to get the root user back in control:
  1. Give root a password.
    Code:
    $ sudo passwd root
  2. Change the sudoers file so sudo <command> asks for the root password instead of the user's one.
    Code:
    $ su -
    $ visudo
    Add the targetpw option to the Defaults line so it looks like this:
    Code:
    Defaults env_reset,targetpw
    A side-effect of using targetpw instead of rootpw is that sudo -u <username> <command> asks for username's password instead of the root password.
    You might also want to add timestamp_timeout=0; this option is described in the sudoers manpage. A tip: add insults for some extra fun!
    In order to enable every user to use the sudo command (not without entering the root password, of course), You also need to change the user privilege specification.
    Comment out the 2 lines beginning with %sudo and %admin and add the line:
    Code:
    ALL ALL=(ALL) ALL
    to the end of the file.
  3. Change GNOME's gksu. You don't really have to do this, because entering the root password in the password dialogues of GNOME will still launch Synaptic or whatever program we want to use, so this is more of a cosmetic thing. gksudo asks for the user's password, although we need to enter the root password. gksu asks for the root password (and also has the ability to save the password for a short time).
    Code:
    $ gksu-properties
    Change Authentication mode from sudo to su.
That's it! You're done!