Installing your first Linux system
Pick a distro that matches what you want to do and how much faff you can tolerate. If you want something that usually behaves, Ubuntu LTS or Linux Mint is a fair starting point. If you want newer packages with a straightforward installer, Fedora Workstation or Pop!_OS are worth a look. Arch is brilliant if you already know your way around the command line, but it is not the easy route.
Choosing a distro and preparing the media
Download the ISO from the project site and check the SHA256 or signature. Skip that and you are trusting a file you have not checked. A bad image wastes time and can leave you staring at an installer that never had a chance. For a GUI tool, I use balenaEtcher.
On an existing Linux box, dd works fine if you know the syntax:
sudo dd if=path/to.iso of=/dev/sdX bs=4M status=progress && sync
Replace /dev/sdX with the USB device. Get that wrong and you overwrite the wrong drive. Linux is very consistent about not forgiving mistakes.
Decide whether you want a desktop or not. For a laptop, pick something with decent power management, like GNOME or Cinnamon. For a lighter machine, XFCE or LXQt is a better fit. Check hardware support as well. Test Wi-Fi, graphics, and suspend in a live session before you install. If the live image struggles with Nvidia, look at the proprietary driver route first rather than guessing later.
Plan the partitions before you start:
- EFI partition, if you are using UEFI: 512 MB, FAT32.
- Root
/: 30–50 GB is enough for most installs. /home: the rest, unless you prefer a single root partition.- Swap: use a swapfile instead of a swap partition unless you need hibernation. If you do need hibernation, match swap size to RAM.
If you want disk encryption, enable full-disk LUKS during installation. It does not cost much in performance and it protects the machine if it goes walkabout.
Install, secure, and keep it working
Install with some intent. Boot the installer. Use manual partitioning only if you already planned the layout. If not, use the guided option. Create a standard, unprivileged user during install. I avoid using the root account for everyday work.
After the first boot, do these straight away:
- Install updates. For Ubuntu or Debian:
sudo apt update && sudo apt upgrade -y
For Fedora:
sudo dnf upgrade --refresh
For Arch:
sudo pacman -Syu
- Create an SSH key if you will access the machine remotely:
ssh-keygen -t ed25519 -C "your_email"
Use ssh-copy-id or append the public key to ~/.ssh/authorized_keys by hand.
- Check what is listening on the machine:
ss -tuln
Firewall rules should start simple. On Ubuntu, I use ufw because it is clear and scriptable.
sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable
That blocks unwanted inbound traffic and allows outbound access. If you run a web server, add:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
On Fedora, firewalld is common. Use the same idea: block by default, allow only what you need.
Use a separate local account for daily work and grant sudo only when needed. Check sudoers with visudo and avoid broad NOPASSWD rules.
Backups save time when things go wrong, which they will. Pick one or two methods and test restores monthly.
- File-level backups with
rsync. Example to an external drive:
rsync -aAX --delete /home/ /media/backup/home/
Run that from cron or a systemd timer. The --delete flag mirrors the source, so test it first.
- Snapshots for system state. Timeshift works well on desktop systems using rsync or BTRFS snapshots. Use it before major upgrades.
- Encrypted deduplicating backups. For off-site backups,
borgbackuporresticare solid choices. Initialise a repo and run backups regularly. Test a restore and check it actually comes back.
Use the 3-2-1 pattern: at least three copies, two different media, one off-site. Keep one restore point you know works.
For desktop systems, automatic security updates can be fine if you want less maintenance. For servers, I prefer manual updates on a schedule so I can check for breakage. Remove unused packages with apt autoremove or the equivalent. Keep snaps and flatpaks under control as they can eat disk space.
For systems with discrete GPUs, install the vendor driver from the distro’s official repos or its “additional drivers” tool. If Wi-Fi or Bluetooth acts up, check dmesg and the hardware vendor’s Linux support notes. Firmware updates sometimes arrive in linux-firmware. Do not pull random driver packages from odd corners of the internet.
Keep a live USB handy. Know how to chroot into the system for repairs. Keep a current list of sudo commands you use often. For boot problems, check the previous boot with:
journalctl -b -1
For broken package states, use the distro’s recovery docs.
Quick checklist:
- Chosen distro and verified ISO.
- Bootable USB created and tested.
- User account created, root locked.
- Swapfile or hibernation set up.
- Disk encryption if needed.
- Firewall rules in place and tested.
- SSH key auth set up.
- Backup pattern implemented and restore tested.
- Regular update plan defined.
If you do all that, the first install is much less likely to turn into an evening of unnecessary grief.



