Back to the home page
Below you'll find some advanced hacks for Linux Mint, only meant for users with a lot of Linux experience. Not for beginners!
Contents of this page:
- 1. Enable the frozen Guest session (guest account) and customize it to your liking
- 2. Use Conky to monitor your system
- 3. Automatic shutdown when closing laptop lid (all desktop environments)
- 4. Disable IPv6 (when you can't establish internet connection)
- 5. Problems with Libre Office? Install a newer Libre Office
- 6. How to manually install a non-free driver for your Nvidia video card
- 7. Install the latest iwlwifi driver for your Intel wireless card
- 8. Installing a kernel from a newer series
- 9. Fix lost localization in Firefox
- 10. Install the latest CPU microcode from upstream
- 11. How to add booting from an ISO file to the Grub bootloader menu
- 12. How to execute a root command automatically on startup
- 13. Make sure that your system will never become unresponsive because of lack of memory
- 14. Cutting out some systemd units
- 15. Sending one specific log error to /dev/null
- 16. For offline computers only (security!): turning the mitigations off for extra speed
Enable the frozen Guest session (guest account) and customize it to your liking
1. Present by default in a cleanly installed Linux Mint: an idiot-proof guest account that automatically reverts to the default settings upon reboot (or upon logout).This frozen guest account runs in kiosk mode (full confinement), so all changes in the guest session are being deleted at reboot or logout. It's a nice and handy feature of display manager LightDM.
Unfortunately its confinement currently isn't as complete as it should be, in combination with the systemd of Linux Mint. So it has been disabled by default. If you're willing to take that incomplete confinement onto the bargain, you can enable it as follows:
a. Menu button - Administration - Login Window
Tab Users: Allow guest sessions: switch it on.
b. Reboot your computer. Note that in Cinnamon and MATE you might not be able to log in to the Guest account yet, because of a bug. In Xfce this same bug might not allow logging in, but it might prevent rebooting and shutting down. But there is an elegant workaround for this misery:
c. Log into your normal account and launch a terminal window.
(You can launch a terminal window like this: *Click*)
d. Install some apparmor tools. In the terminal (use copy/paste to avoid typing errors):
sudo apt-get install apparmor-utils
Press Enter.
e. Then you're going to tell AppArmor not to deny access to required resources, by setting the profile of the Guest Session to "complain mode". In this mode the AppArmor security policy is not enforced for the Guest Session profile, but rather "access violations" are logged to the system log. Copy/paste into the terminal:
sudo aa-complain /usr/lib/lightdm/lightdm-guest-session
Press Enter.
Now you should be able to log into the Guest account after all.
f. The guest session has default settings which might not suit you. You can adapt the default settings of the guest account by means of a trick: you can create a "skeleton" account with the right settings, and then configure the Guest session to copy those settings from the "skeleton" account.
This is how you do that:
g. Create a new user account, called Framework. You can do that by launching "Users and Groups" from the menu. This new account should be a normal user account with no special privileges.
Note: the "Full Name" of this new user should begin with a capital letter! Not the "Username", because user names have to be all lowercase. But in "Users and Groups" the new "Full Name" should begin with a capital letter, because otherwise a malfunction might occur.
Ensure that a password is required for logging into this new user account. It's best to set the same password as the one for the account of the system administrator (your personal account), because only the system administrator should be able to log into it.
h. Log out and then log into the new user account Framework, and configure it the way you want the Guest session to become. For example with a nicer wallpaper instead of Mint's default eternal night, and with different settings for Firefox and Libre Office.
In the next step you'll ensure that the Guest session will copy all of its settings from the new account Framework. You can change those settings later on as well: later changes in Framework will also land automatically in the Guest session.
i. Log out from the Framework account and log into the account of the system administrator (your personal account).
j. Launch a terminal window.
(You can launch a terminal window like this: *Click*)
k. Then in the terminal (use copy/paste to avoid typing errors):
sudo ln -v -s /home/framework /etc/guest-session/skel
Press Enter.
(note that framework doesn't begin with a capital letter in the command)
l. Log out from your account and log into the Guest session. Now it should have the same settings as the new user account Framework.
The only disadvantage is, that you now have an extra "useless" user account in the login window.
Do you want to make new changes later on? That's simple: later changes in the Framework account, will also land automatically in the Guest session.
Use Conky to monitor your system
2. Conky is a very useful and versatile tool for checking what's going on in your system. You can find a how-to with screenshots on this page.Automatic shutdown when closing laptop lid (all desktop environments)
3. It's useful when closing the laptop lid invokes an automatic shutdown, even when Power Manager doesn't allow for that option in your desktop environment. In all desktops that can be achieved like this:a. Copy/paste the following command line into the terminal:
xed admin:///etc/systemd/logind.conf
Press Enter.
b. In that text configuration file, find the following line:
HandleLidSwitch=ignore
in some cases this line looks a bit different, namely: #HandleLidSwitch=suspend
Delete it and replace it by this line:
HandleLidSwitch=poweroff
Save the modified text file and close it.
c. Reboot your computer. Closing the laptop lid should now evoke an automatic shutdown of your computer.
Note (1): in the lightweight Xfce edition of Linux Mint, Xfce's Power Manager then (i.e. after the reboot mentioned in step c) may need to be configured to allow systemd (or rather: logind) to perform a full shutdown of your laptop upon closing the lid, when you've configured logind to do so. Because Xfce's Power Manager overrules logind.
That can be achieved like this:
- Menu button - Settings - Settings Editor. Make it full screen, so you can operate it easily.
- In its left panel, click on xfce4-power-manager.
In its right panel, click on:
logind-handle-lid-switch
.... and set it to TRUE.
Is there no such value? Then create it as a new Boolean value (and set it to TRUE).
- Close Settings Editor.
- Reboot (or log out and in again).
Note (2): on some laptops an undesirable side effect might occur, namely a CPU that becomes very hot, causing its cooling fan to start blowing full speed all the time.
In that case I advise to undo this hack.
Disable IPv6 (when you can't establish internet connection)
4. Some old modems and routers can't deal properly with modern IPv6. This might cause a bad unstable connection or even a complete failure to establish any connection at all. In that case, disable IPv6 like this:Menu - Preferences - Network Connections
Click on the name of your current connection - click the button Edit...
Tab IPv6 Settings - Method: change it into Ignore
Click the button Save... and then click the button Close
Disconnect and reconnect, or simply reboot your computer.
Problems with Libre Office? Install a newer Libre Office
5. If you experience problems with your current version of Libre Office, you can install a later version of Libre Office with a PPA.This is how to do it (item 8).
How to manually install a non-free driver for your Nvidia video card
6. Do you have a graphics card from Nvidia, which is so new that the proprietary restricted driver version in the software repositories of Mint is too old? Then you can proceed like this.Install the latest iwlwifi driver for your Intel wireless card
7. In certain circumstances you may need a newer iwlwifi driver for your Intel wireless card, than the one that's available by default. For getting that, see this how-to (*click*).Installing a kernel from a newer series
8. Sometimes, when you have a very new computer, you have a problem: the drivers in the Linux kernel of Linux Mint, aren't recent enough. In that case, you can try whether a newer officially supported kernel suffices:From the menu, launch Update Manager. In the toolbar of Update Manager: View - Linux kernels
Install the very latest kernel from the latest series in the list.
Then reboot your computer.
If that kernel still isn't new enough, you have the following options:
Trying the latest OEM kernel
8.1. Ubuntu and Linux Mint also feature so-called OEM kernels, which are often (but not always!) newer than the regular kernels. Courtesy of the Ubuntu Kernel Team. They're official stable kernels, so they're just as safe to use as the default kernel of your Ubuntu/Mint.These OEM kernels allow hardware manufacturers to ship new computers with Ubuntu (or Mint), even when the hardware components are very new. Because the drivers are in the kernel.
The latest of these OEM kernels is currently (September 9th, 2023) the 6.5.x.
You can install the latest OEM kernel like this:
a. Launch a terminal window.
(You can launch a terminal window like this: *Click*)
b. Then in the terminal (use copy/paste to avoid typing errors):
sudo apt-get install linux-oem-22.04d
Press Enter. Type your password when prompted. In Ubuntu this remains entirely invisible, not even dots will show when you type it, that's normal. In Mint this has changed: you'll see asterisks when you type. Press Enter again.
c. Reboot your computer.
d. After this reboot your computer should run on the latest OEM kernel. Check it by means of the following terminal command:
uname -r
Press Enter.
Trying a kernel from the Canonical Kernel Team PPA (somewhat risky)
8.2. You can install an even newer and wholly unsupported kernel by means of a non-official (and therefore theoretically less safe) software source: the canonical-kernel-team PPA.The Canonical Kernel Team PPA has a good reputation, because the Canonical Kernel Team consists out of the people that create the official Ubuntu/Mint kernels as well.
Note 1: The newer kernel you're about to install is unsupported in your version of Linux Mint, so there's an increased risk of malfunctions and errors. This should therefore only be done as emergency measure.
Note 2: If you're currently using the closed non-free Nvidia driver or the amdgpu driver from AMD, the newer kernel from this PPA might not support it.
The method is as follows:
Launch a terminal window.
(You can launch a terminal window like this: *Click*)
Then in the terminal (use copy/paste to avoid typing errors):
sudo add-apt-repository ppa:canonical-kernel-team
Press Enter. Type your password when prompted. In Ubuntu this remains entirely invisible, not even dots will show when you type it, that's normal. In Mint this has changed: you'll see asterisks when you type. Press Enter again.
With this, you add the software source to your sources list.
c. Then in the terminal (use copy/paste):
sudo apt-get update
Press Enter. With this, you inform your system about the contents of the newly added software source.
d. From the menu, launch Update Manager. Refresh it. Then, in the toolbar of Update Manager: View - Linux kernels
Install the very latest kernel in the list.
e. Reboot your computer.
f. After this reboot your computer should run on the latest kernel. Check it by means of the following terminal command:
uname -r
Press Enter.
Even more risky: a bleeding edge kernel from the cowboys
8.3. Do you want to try an even newer unsupported kernel than the already risky "ordinary" unsupported kernels from Canonical Kernel Team? Then you can get a bleeding edge high-risk kernel from the cowboys: the unstable branch of Canonical Kernel Team. In this way:First:
sudo add-apt-repository ppa:canonical-kernel-team/unstable
Secondly:
sudo apt-get update
Thirdly:
Launch Update Manager and use its kernel tool.
Finally:
Reboot and pray for the best. Yeehaw!
Fix lost localization in Firefox
9. When you have a non-English Firefox, it might suddenly have lost its localization and turned fully English. If that happens, then the first thing to try is simply closing and re-launching Firefox. If that doesn't help, this is how to fix it:In the address bar of Firefox, type:
about:config
Press Enter and then click to accept the risk.
Then right-click anywhere on that page - New - String
Give the new string this name:
intl.locale.requested
Leave the value empty; this forces Firefox to follow the system locale.
Click OK.
Close Firefox and restart it.
Install the latest CPU microcode from upstream
10. By way of emergency measure you can install the latest CPU microcode from upstream, like this.How to add booting from an ISO file to the Grub bootloader menu
11. Do you want to test an iso from a particular Linux, and don't you have a USB thumb drive or DVD at hand? No worries: you can boot directly from an ISO file in the Grub bootloader menu, simply by creating a menu entry for it.Proceed like this:
a. Launch a terminal window.
(You can launch a terminal window like this: *Click*)
b. Use copy/paste to transfer the following command line into the terminal:
xed admin:///etc/grub.d/40_custom
Press Enter. Type your password when prompted (it will be asked twice).
c. Delete the current contents of the text file that you've just opened and copy/paste the following blue code block into it:
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
menuentry 'ISO from Linux Mint 21.2 Cinnamon' {
set isofile='/home/pjotr/Downloads/linuxmint-21.2-cinnamon-64bit.iso'
loopback loop (hd0,gpt1)$isofile
linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=${isofile} quiet splash
initrd (loop)/casper/initrd.lz
}
Note: don't omit the last line with the accolade } !
The three important variable parts of that code block, which you need to adapt to your own situation, are the following:
I. The menu entry name. In the code block it's now:
ISO from Linux Mint 21.2 Cinnamon
II. The file path including the filename. In my case I had downloaded the iso file of Linux Mint 21.2 Cinnamon with my web browser, so I just left it in the default Downloads folder in my personal folder and created that file path directly to it:
/home/pjotr/Downloads/linuxmint-21.2-cinnamon-64bit.iso
III. The hard disk indicator (hd0,gpt1). In my case this points to the first hard drive and the first partition, which is the partition containing the .iso file. This hard disk indicator might be without the gpt indication on your computer, so: (hd0,1).
Check what the exact hard disk indicator is on your own computer, with the following terminal command (use copy/paste to transfer it to the terminal):
cat /boot/grub/grub.cfg | grep root=
Press Enter.
Sidenote: mark the annoyingly confusing hybrid way of numbering: the first hard disk is 0 (the nerd way of counting which starts with 0), but the first partition on that disk is 1 (the normal way of counting which starts with 1). It beats my imagination, but the guys in charge apparently actually thought that implementing such irritating hybrid numbering confusion was a good idea...
d. Save and close the modified text file.
e. Now you're going to inform your boot loader about the changes you've just made. Use copy/paste to transfer the following command line into the terminal:
sudo update-grub
Press Enter. Type your password when prompted. In Ubuntu this remains entirely invisible, not even dots will show when you type it, that's normal. In Mint this has changed: you'll see asterisks when you type. Press Enter again.
f. Reboot and test.
How to execute a root command automatically on startup
12. If you wish to execute a root command, for which you need "sudo" permissions, automatically on startup, this is how to do it.Make sure that your system never becomes unresponsive because of lack of memory
13. With EarlyOOM, you can ensure that your system will never be locked down by memory shortage. Because EarlyOOM will automatically kill the largest process when that is about to happen. This is how to install it:a. Launch a terminal window.
(You can launch a terminal window like this: *Click*)
b. Use copy/paste to transfer the following command line into the terminal:
sudo apt-get install earlyoom
Press Enter. Type your password when prompted.
c. Reboot. This should activate EarlyOOM.
d. Test it by executing this command, that should trigger a memory overload caused by the application "tail":
tail /dev/zero
It should be terminated automatically. You can check what happens when you run a separate terminal window alongside, in which you run the application "top".
Because of its importance, systemd is sometimes called "the second kernel".
It loads a lot of services and such, during booting. They're called units. Most of these units are essential, but not all of them are. Below I'll show you how to cut out a couple of units that you might not use anyway.
a. This is the terminal command that shows all systemd units in your system:
systemctl list-units --all
b. If you never issue printing commands from your machine, then you can cut out the printing units (cups) like this:
sudo systemctl mask cups.path cups-browsed.service cups.service cups.socket
This'll take effect after rebooting. You can undo it by replacing mask by unmask in that command (followed by a reboot).
c. When you don't use Logical Volume Management (LVM), which would usually be a bad idea anyway, then you can cut out its units like this (it's one long line):
sudo systemctl mask lvm2-activation.service lvm2-lvmpolld.service lvm2-monitor.service lvm2-lvmpolld.socket
This'll take effect after rebooting. You can undo it by replacing mask by unmask in that command (followed by a reboot).
d. When you don't use a dial-up modem, you can cut out its unit like this:
sudo systemctl mask ModemManager.service
This'll take effect after rebooting. You can undo it by replacing mask by unmask in that command (followed by a reboot).
e. This is how to check which units you have masked (i.e. thoroughly disabled):
systemctl list-units --all | grep masked
a. Launch a terminal window.
(You can launch a terminal window like this: *Click*)
b. Copy/paste the following command line into the terminal, for creating a configuration file:
sudo touch /etc/rsyslog.d/30-garbage.conf
b. Open that newly created empty file for editing. Copy/paste this line into the terminal:
xed admin:///etc/rsyslog.d/30-garbage.conf
Press Enter.
(the three consecutive slashes are intended and no typo!)
c. Copy/paste the following text into it:
# Log a kernel generated garbage log message to eternal damnation
:msg,contains,"TRASH" /dev/null/garbage.log
Replace TRASH by a distinctive and unique part of the offending log error line that you wish to get rid of. Note that it should be placed between the quotation marks.
d. Save the modified file and reboot. The offending log error line shouldn't be added to /var/log/syslog anymore.
But.... The mitigations also reduce the performance of your computer. On old machines (AMD CPU: 2016 or earlier, Intel CPU: 2019 or earlier) the performance loss is considerable: up to 25 %. On newer machines (AMD CPU: 2017 or later, Intel CPU: 2020 or later) the performance loss is much smaller: up to 5 %.
If your computer isn't connected to the internet, it doesn't need protection against those dangerous vulnerabilities. So if your computer is always offline, then you can increase its performance by disabling the mitigations. This is how:
a. Launch a terminal window.
(You can launch a terminal window like this: *Click*)
b. Copy/paste the following command line into the terminal:
xed admin:///etc/default/grub
Press Enter.
(the three consecutive slashes are intended and no typo!)
c. Find the following line (it might be longer in your system, but this is how it looks by default):
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
Modify it by adding the parameter mitigations=off, so that it becomes:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=off"
Save the modified file and close it.
d. Copy/paste the following command line into the terminal, in order to execute the modification:
sudo update-grub
Press Enter. Type your password when prompted. In Ubuntu this remains entirely invisible, not even dots will show when you type it, that's normal. In Mint this has changed: you'll see asterisks when you type. Press Enter again.
(if you type the command: note the dash between update and grub)
e. Reboot.
f. You can check the security status of your machine concerning the aforementioned vulnerabilities, with this terminal command:
inxi -Ca
Want more tips?
Do you want more tips and tweaks? There's a lot more of them on this website!
For example:
Speed up your Linux Mint!
Clean your Linux Mint safely
Avoid 10 fatal mistakes
To the content of this website applies a Creative Commons license.
Back to the home page
Disclaimer
b. Use copy/paste to transfer the following command line into the terminal:
sudo apt-get install earlyoom
Press Enter. Type your password when prompted.
c. Reboot. This should activate EarlyOOM.
d. Test it by executing this command, that should trigger a memory overload caused by the application "tail":
tail /dev/zero
It should be terminated automatically. You can check what happens when you run a separate terminal window alongside, in which you run the application "top".
Cutting out some systemd units
14. You can cut out some items you don't use, from systemd. This might reduce the system load a bit, but not by much. The gain will be small, whereas the risk of breakage is considerable. So tread carefully....Because of its importance, systemd is sometimes called "the second kernel".
It loads a lot of services and such, during booting. They're called units. Most of these units are essential, but not all of them are. Below I'll show you how to cut out a couple of units that you might not use anyway.
a. This is the terminal command that shows all systemd units in your system:
systemctl list-units --all
b. If you never issue printing commands from your machine, then you can cut out the printing units (cups) like this:
sudo systemctl mask cups.path cups-browsed.service cups.service cups.socket
This'll take effect after rebooting. You can undo it by replacing mask by unmask in that command (followed by a reboot).
c. When you don't use Logical Volume Management (LVM), which would usually be a bad idea anyway, then you can cut out its units like this (it's one long line):
sudo systemctl mask lvm2-activation.service lvm2-lvmpolld.service lvm2-monitor.service lvm2-lvmpolld.socket
This'll take effect after rebooting. You can undo it by replacing mask by unmask in that command (followed by a reboot).
d. When you don't use a dial-up modem, you can cut out its unit like this:
sudo systemctl mask ModemManager.service
This'll take effect after rebooting. You can undo it by replacing mask by unmask in that command (followed by a reboot).
e. This is how to check which units you have masked (i.e. thoroughly disabled):
systemctl list-units --all | grep masked
Automatically sending one specific log error to /dev/null
15. Sending something to /dev/null equals dumping it into a black hole; it's a vanishing act. You can send one specific log error to /dev/null automatically, if it becomes too spammy. In the following way:a. Launch a terminal window.
(You can launch a terminal window like this: *Click*)
b. Copy/paste the following command line into the terminal, for creating a configuration file:
sudo touch /etc/rsyslog.d/30-garbage.conf
b. Open that newly created empty file for editing. Copy/paste this line into the terminal:
xed admin:///etc/rsyslog.d/30-garbage.conf
Press Enter.
(the three consecutive slashes are intended and no typo!)
c. Copy/paste the following text into it:
# Log a kernel generated garbage log message to eternal damnation
:msg,contains,"TRASH" /dev/null/garbage.log
Replace TRASH by a distinctive and unique part of the offending log error line that you wish to get rid of. Note that it should be placed between the quotation marks.
d. Save the modified file and reboot. The offending log error line shouldn't be added to /var/log/syslog anymore.
For offline computers only (security!): turning the mitigations off for extra speed
16. The kernel contains security mitigations for the Spectre, Meltdown and Retbleed vulnerabilities. These mitigations protect you against those infamous vulnerabilities. Those vulnerabilities, among other things, can be exploited through your web browser. So they pose a serious threat.But.... The mitigations also reduce the performance of your computer. On old machines (AMD CPU: 2016 or earlier, Intel CPU: 2019 or earlier) the performance loss is considerable: up to 25 %. On newer machines (AMD CPU: 2017 or later, Intel CPU: 2020 or later) the performance loss is much smaller: up to 5 %.
If your computer isn't connected to the internet, it doesn't need protection against those dangerous vulnerabilities. So if your computer is always offline, then you can increase its performance by disabling the mitigations. This is how:
a. Launch a terminal window.
(You can launch a terminal window like this: *Click*)
b. Copy/paste the following command line into the terminal:
xed admin:///etc/default/grub
Press Enter.
(the three consecutive slashes are intended and no typo!)
c. Find the following line (it might be longer in your system, but this is how it looks by default):
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
Modify it by adding the parameter mitigations=off, so that it becomes:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=off"
Save the modified file and close it.
d. Copy/paste the following command line into the terminal, in order to execute the modification:
sudo update-grub
Press Enter. Type your password when prompted. In Ubuntu this remains entirely invisible, not even dots will show when you type it, that's normal. In Mint this has changed: you'll see asterisks when you type. Press Enter again.
(if you type the command: note the dash between update and grub)
e. Reboot.
f. You can check the security status of your machine concerning the aforementioned vulnerabilities, with this terminal command:
inxi -Ca
Want more tips?
Do you want more tips and tweaks? There's a lot more of them on this website!
For example:
Speed up your Linux Mint!
Clean your Linux Mint safely
Avoid 10 fatal mistakes
To the content of this website applies a Creative Commons license.
Back to the home page
Disclaimer
