Minimal Linux with CentOS 7

Minimal Linux with CentOS 7

I've been on a quest to create a minimal desktop using CentOS 7.  Starting with a minimal install of CentOS 7, I've slowly been adding packages to provide normal command line functionality instead of only minimal command line functionality.

yum -y install net-tools vim-enhanced ncurses-devel readline-devel bash-doc kernel-doc mlocate ksh zsh words attr ftp nmap-frontend telnet strace 

If you need to compile any kernel modules for virtualization or other purposes, you should add to that list:

kernel-devel kernel-headers make and gcc

Minimal Graphical User Interface Desktop for CentOS 7

To get the minimal desktop environment (GUI) for CentOS, I had to install the "xfce-desktop" package group with the following command run as root:

yum -y group install xfce-desktop

To add a few packages for web development and viewing I also ran as root:

 yum -y install bluefish firefox mate-terminal

Since I've been working on a VMWare virtual machine, and the current version of vmware-open-vm-tools and vmware-tools packages were having issues capturing the mouse properly,  I had to uninstall them and install the following packages:

yum -y install xorg-x11-drv-vmmouse xorg-x11-driv-vmware

Now, I can click into the desktop window, and my mouse stays captured in the guest, whereas before the mouse would too easily return to the host.

For those of you who may be running a VirtualBox, you can make sure that you activate the Guest Additions CD through the Device menu of the VirtualBox application. Then, you can click back into the VirtualBox guest and execute from the command line as the root user:

mount /dev/cdrom /mnt

Gnu Free Mono Fonts

Having started from a minimal install of CentOS 7, I was not at all pleased with how the terminal looked in the minimal xfce-desktop or in the mate-terminal.  It was using proportional fonts instead of monospace fonts in the terminal. After searching with:

yum search "monospace"

I found the gnu-free-mono-fonts package for CentOS 7.  After installing it with:

yum -y install gnu-free-mono-fonts

The terminal and desktop fonts immediately changed, and actually became fixed-width, and looked like proper monospace fonts.

Note: In building a recent minimal CentOS 6 system, I ran into the same problem, but  gnu-free-mono-fonts is not available. Fortunately, the liberation-mono-fonts is available for CentOS 6.


Sharing Shotwell in CentOS 7

Sharing Shotwell in CentOS 7

In CentOS 7, the database for shotwell is kept under the users home directory in the 
~/.local/share/shotwell/data directory along with a backup.  The thumbnails are stored the users home directory in the in the ~/.cache/shotwell/thumbs directory.

To share these directories between multiple users on my system, I created a group called "shotwell":
groupadd -r shotwell

I added each user to the group:
useradd -aG shotwell keith
useradd -aG shotwell wright

After importing all the multimedia possible into Shotwell, I backed up the data to make it easy to extract to the destination location:

cd ~/.local/share/shotwell/
tar cvzf shotwell-database.tar.gz  data/
cd  ~/.cache/shotwell/
tar cvzf shotwell-thumbs.tar.gz thumbs/

Next, the data was extracted to the destination location:

cd /usr/local/shotwell
tar xf shotwell-database.tar.gz
tar xf shotwell-thumbs.tar.gz

Make sure the permissions on the new directories will allow members of the group to write to the directories and files, and with setgid (g+s) make sure that they will own any new files created:

cd /usr/share/shotwell/
chgrp shotwell data
find data -type d -exec chmod 775 {} \;
find data -type f -exec chmod 664 {} \;
chgrp shotwell thumbs

find thumbs -type d -exec chmod 775 {} \;

find thumbs -type f -exec chmod 664 {} \;
chmod g+s data thumbs

For each user, you need to either remove their previous database and cache or rename these directories. Then, you can create a symbolic link to the shared directory for the database (data) and the thumbnails (thumbs).

For the first user:

cd ~keith/.local/share/shotwell/
mv data data-orig # or rm data
ln -s /usr/share/shotwell/data data

cd ~keith/.cache/shotwell/
mv thumbs thumbs-orig
ln -s /usr/share/shotwell/thumbs thumbs

For the second user:

cd ~wright/.local/share/shotwell/
mv data data-orig # or rm data
ln -s /usr/share/shotwell/data data

cd ~wright/.cache/shotwell/
mv thumbs thumbs-orig
ln -s /usr/share/shotwell/thumbs thumbs

Etc... for each user

Shotwell Sumary

The first time you have set up the directories, make sure you logout and log back in before trying to use shotwell again.  Also, shotwell is not designed for multiuser use, so do not allow multiple users to run the program at the same time.

It can take a long time to import your multimedia with shotwell. It may crash, but if you restart it, it will continue.  If you don't try and import too much, it seems to help, for example, going by month of the year you are importing instead of trying to import the whole year.  

Gate One - Command line applications from any HTML5 browser

Gate One

Gate One is a service that can be run on system to be able to provide secure access to any on the command line applications of the server and a SSH client.  No plugins are required for access, only an HTML5 compliant web browser.  There are both commercial and open source versions of this product available at http://liftoffsoftware.com/Products/GateOne.

Installation - Git it!

To install the Gate One you can use a git client to download it, and then execute the python setup.py install command.

  • First change to an appropriate directory as the root user
cd /usr/local

  • Clone the git repository
git clone https://github.com/liftoff/GateOne

  • Install it with setup.py in the GateOne directory
cd GateOne
python setup.py install

  • Start gateone to create a default configuration
gateone &
Once it runs, break out of the service



Configure the service with JSON files 10server.conf, 20authentication.conf, and 50terminal.conf.  The files are named with two important distinctions.  One, they are processed in alphabetical order. Two, they are only processed if they have .conf suffix.

The port to use is in 10server.conf, as I already had 443 in use.  The configuration files are found in the /etc/gateone/conf.d directory.  

cd /etc/gateone/conf.d
Edit to your liking.  Here is my  modified 10server.conf:

// This is Gate One's main settings file.
    // "gateone" server-wide settings fall under "*"
    "*": {
        "gateone": { // These settings apply to all of Gate One
            "address": "",
            "ca_certs": null,
            "cache_dir": "/tmp/gateone_cache",
            "certificate": "/etc/gateone/ssl/certificate.pem",
            "cookie_secret": "NGNiMjBhYjQ0M2FiNDgxYmFjOGE0ZmNkMWI1MGI0MzlhN",
            "debug": false,
            "disable_ssl": false,
            "embedded": false,
            "enable_unix_socket": false,
            "gid": "0",
            "https_redirect": false,
            "js_init": "",
            "keyfile": "/etc/gateone/ssl/keyfile.pem",
            "locale": "en_US",
            "log_file_max_size": 100000000,
            "log_file_num_backups": 10,
            "log_file_prefix": "/var/log/gateone/gateone.log",
            "log_to_stderr": null,
            "logging": "info",
            "multiprocessing_workers": null,
            "origins": ["localhost", "", "localhost.localdomain", "localhost4", "localhost4.localdomain4", "localhost6", "localhost6.localdomain6"],
            "pid_file": "/var/run/gateone.pid",
            "port": 10443,
            "session_dir": "/tmp/gateone",
            "session_timeout": "5d",
            "syslog_facility": "daemon",
            "uid": "0",
            "unix_socket_path": "/tmp/gateone.sock",
            "url_prefix": "/",
            "user_dir": "/var/lib/gateone/users",
            "user_logs_max_age": "30d"

Here is my 50terminal.conf.  I added Perl, Python and Ruby applications by adding other objects in the commands for the terminal.

// This is Gate One's Terminal application settings file.
    // "*" means "apply to all users" or "default"
    "*": {
        "terminal": { // These settings apply to the "terminal" application
            "commands": {"SSH": {"command": "/usr/lib/python2.7/site-packages/gateone-1.2.0-py2.7.egg/gateone/applications/terminal/plugins/ssh/scripts/ssh_connect.py -S '%SESSION_DIR%/%SESSION%/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=\\\"%USERDIR%/%USER%/.ssh/known_hosts\\\"'", "description": "Connect to hosts via SSH."}, 
            "PYTHON": {"command": "/bin/python", "description": "Start Python Shell"},
            "PERL": {"command": "/bin/perl -d -e42", "description": "Start Perl Debugger Interactively"},
            "RUBY": {"command": "/bin/irb", "description": "Start Interactive Ruby Shell"}},
            "default_command": "SSH",
            "dtach": true,
            "enabled_filetypes": "all",
            "environment_vars": {"TERM": "xterm-256color"},
            "session_logging": true,
            "syslog_session_logging": false

Here is what I added to the 50terminal.conf:

            "PYTHON": {"command": "/bin/python", "description": "Start Python Shell"},
            "PERL": {"command": "/bin/perl -d -e42", "description": "Start Perl Debugger Interactively"},
            "RUBY": {"command": "/bin/irb", "description": "Start Interactive Ruby Shell"}}

If you want to customize how things work beyond these configuration files, then you can edit various files under the directory where gateone was installed on your system.
For example, to change the branding on the main screen from "Gate One - Applications", then the /usr/lib/python2.7/site-packages/gateone-1.2.0-py2.7.egg/gateone/static directory contains the file gateone.js, where I updated line 3342 to the following:

titleH2.innerHTML = gettext("OCS Learning Gateway");

Running GateOne Unprivileged

By default, the gateone.service systemd configuration file has the service run as the root user.  Since I wanted to be able to start programming shells, this was not something that I wanted to allow.  So, I modified the systemd configuration file for gateone.service found at: /usr/lib/systemd/system/gateone.service 

In the [Service] block, I added:

Update: In the 10server.conf, the uid value can also be changed from 0 to the uid of an unprivileged user.  This allows the server to start with root privileges to bind to a port, but then drop them. 

Here's what the whole gateone.service file looks like now:
Description=Web-based terminal



Next, I created the service account to match and set the proper ACLs on the user's home directory:

useradd -r -s /sbin/nologin -d /var/lib/gateone gateone
setfacl -Rm d:u:gateone:rwx /var/lib/gateone
setfacl -Rm u:gateone:rwx /var/lib/gateone

Then, I switched from the root account to the gateone user with sudo:

sudo -u gateone bash

As the gateone user, I executed gateone to create the default configuration:


Once it runs, break out of the service


The configuration files for the gateone user were updated by copying from the /etc/gateone/conf.d

cp /etc/gateone/conf.d/*.conf ~gateone/.gateone/conf.d/


To send a message to the screen, you can get an application to use the JavaScript:
GateOne.Visual.displayMessage('Message notification');

To send text to the terminal application, you can use the JavaScript:

About Me - WrightRocket

My photo

I've worked with computers for over 30 years, programming, administering, using and building them from scratch.

I'm an instructor for technical computer courses, an editor and developer of training manuals, and an Android developer.