Translation(s): English - espaƱol - Italiano

This is a community-maintained list of things to do in order to get an appealing DebianDesktop installation. If you have any additions, you should keep this page up to date. If you are able to integrate things into Debian, please help to shorten the list.

Select Appropriate Debian Release

Refer to Debian Releases for more information about the Debian versions, but the following ideas may guide your decision.

Using (released) stable versions + security updates and selected newer backport packages? (a full distribution upgrade is made available about every two years)

Choose Debian Stable if you want the computer to just work for a prolonged period of time, without the risk of new packages breaking your habits or workflow. You may still install more recent versions of selected packages from the Debian Backports repository.

Using rolling (recent) testing package versions? (distributed for public testing)

If it is important to you to have recent versions of all the installed software continuously rolling onto your desktop or laptop, and you are fine with constantly downloading and installing updates that may stir up a bug every once in a while, you may choose Debian Testing.

Using rolling (currently new) unstable package versions? (they just made it out of the Debian developer "labs")

Well, if you are sure you really need this for all the installed packages, you should learn about Debian "Sid".


Official installation images are available from the Debian download page.

For Debian 12 onwards, debian-installer will detect and automatically install necessary non-free firmware. For Debian 11 and earlier, please refer to the Firmware Page to determine if and how you may need to download firmware for a successful installation.

Select a Desktop Environment

During the installation, you can select your preferred desktop environment at the Selecting and Installing Software installation step.

By default, Debian installer will choose GNOME, however you can also select Xfce, KDE Plasma, Cinnamon, MATE, LXDE, or LXQt.

GNOME and KDE each boast a complete desktop experience, an extensive ecosystem of apps, and support for Wayland.

For older computers, consider using Xfce, LXQt, or LXDE, as they consume less system resources.

Users used to GNOME 2 may prefer MATE, which is a continuation of that project.

Users transitioning from Windows may prefer Cinnamon, which provides a Windows 7-like experience.

Or, you may choose e17 (Enlightenment), a new candidate that also features a touchscreen mode.



To use sudo and your regular password for system administration, leave the root password empty during installation.

There is a neat universal partitioning scheme you can set up, especially if you have an SSD, may want redundant drives, or want to keep laptop drives spun down to lower noise and power consumption. Find it together with instructions on how to minimize disk writes as at SSD Optimizations.

Bug 653760 - The audio group must not have any members, otherwise consolekit won't adjust audio permissions (ACLs) when switching between users.

To get the correct umask that leverages the private user groups (see group dirs below), you need to configure the umask adaption in /etc/pam.d/common-session manually until the bug 646692 is fixed:

echo "session optional usergroups" >> /etc/pam.d/common-session

Note that the GNOME display manager (gdm) overrides the system's default umask. Thus, if you use gdm you may try to fix it, or just install another dm like kdm, slim, or LightDM.

"Green" or laptop hard disk models often suffer from parking/unparking their heads every 10 seconds or so, causing excessive wear. Check 'smartctl -a /dev/sdX' to see your current Load_Cycle_Count. As a countermeasure, install laptop-mode-tools and set CONTROL_HD_POWERMGMT=1 in /etc/laptop-mode.conf (sets "hdparm -B 254" on AC to stop those clicks). Alternatively, you may be able to set the hard drive's head parking idle timeout to something like 1-3 minutes, or to disable the timeout altogether on NON-mobile devices (idle3-tools), have a process generate more frequent disk activity as long as it sees other activity (, or hunt down and eliminate the source of the periodic disk accesses (probably log messages).

Check that /etc/aliases contains a root: <mail-user> line that forwards mail directed at the root user to your own user account, and execute "sudo newaliases" if changes were necessary. (And set up your mail program to check your local mailbox under /var/mail/.

To monitor hard drive health status, install smartmontools and smart-notifier, then set "start smartd = yes" in /etc/default/smartmontools.

Maybe consider using AppArmor / Tomoyo and separate sub-users to confine browsers, email clients, etc.

Enable users to create (windows/cifs) network shares

Install samba (if not present already), then "sudo adduser <username> sambashare" to allow <username> to create file shares.

To avoid that samba creates files as the reserved user "nobody" (who should never own any files on the system), create a "sambaguest" user and add the following to the global section of /etc/samba/smb.conf:

guest account = sambaguest

To ensure that files created by samba guests are locally accessible, add this to the global section of /etc/samba/smb.conf:

inherit permissions = yes

Also remember to "chmod g+s" the directories of writable shares to be setguid dirs and set their read/write permissions according to the allowed samba users (i.e. publicly to enable guest access). (Bug Debian 678834)

The "inherit permissions = yes" option lets samba create files with the permissions of the containing directory (but x bits are still mapped to the Windows' system flags: archive, hidden).

If your router does not resolve local hostnames correctly, and your ISPs DNS servers respond with false IPs instead of returning "unknown", also enable the "name resolve order" line (remove the ";") and move "host" to the end of the list.

(Locally Shared) Group Directories

With the umask correction from above, plus some default skeleton directories, Debian can easily provide a really nice out-of-the-box user collaboration experience: users can simply collaborate on files, pictures, documents, etc. on multi-user systems (e.g. family PCs, servers etc.) in their group directories. Out of the box, the default group "users" allows all users to collaborate on files in /home/users; for finer grained collaboration, you can set up additional user groups.

See the UserPrivateGroups (UPG) wiki page for details and MultiUserManagement

Web Browser

For a recent and still maintained version of a mozilla browser, you need to enable the "release" source from

For secure and sane browsing, install the following extensions with the Debian package manager: xul-ext-noscript (clean companies from default whitelist), xul-ext-adblock-plus (disable its default whitelist), xul-ext-cookie-monster, xul-ext-useragentswitcher (set generically), and xul-ext-refcontrol (set to block).

The add-ons HTTPS-Everywhere, "Ref Control" and "Request Policy" (maybe remove the companies it sneaks into your whitelist) may only be available through the browser Add-ons download menu/page.

Also consider the add-ons "ghostery", and "self-destructing cookies" to block unwanted cookies, and enable deletion of required cookies once its tab is closed (if allowed and not whitelisted), and delete all the cookies you were already fed with against your independence.

If you need to use the flashplugin-nonfree, it is in the contrib repository, and consider installing the betterprivacy extension.

Stop the browser from sending Google a hash of every site you visit (ready to be added to your hashed browsing track) by disabling the options flagged as "block reported forgery and attack sites" in the security properties.

Disable the search engine "support" and of course the custom Google start page, to prevent the browser from connecting there every time you start the browser or search something and identifying you reliably in the process.

See to find out how generic your fingerprint on the web really is, and monitor your firewall logs to even get to know the strange places your computer connects to.

Consider BFilter. (newer packages:

Additional packages you may want to install

Use apt-get install <packagename>, or the synaptic package manager to find, select and install the following packages:


Set up checking of the local /var/mail/<user> mailbox (e.g. add a mail notification icon to the panel).

Depending on the chosen desktop environment, your habit and the strain on your fingers, you may have to enable/disable single-click file opening in the file browser's preferences.

If you need a specific program that is not in the repositories, or installed stable and need a more recent version of a program, refer to DebianSoftware.

If you want to adjust system-wide defaults for all users, refer to DesktopDefaultSettings.

Desktop Specific Adaptions


To create network shares with Nautilus, install package "nautilus-share".

To enable the greyed "Password: not asked at login" option for users in System > Administration > Users and Groups (Needed for (guest) account switching in addition to auto login.): Create the nopasswdlogin group,

sudo addgroup --system nopasswdlogin

and add the following to gdm's pam config in /etc/pam.d/gdm:

auth sufficient user ingroup nopasswdlogin

Make sure this line goes right before the "@include common-auth" line. You can use "sudo adduser <user> nopasswdlogin" to add a user to the group.


For network browsing in the thunar file manager, install gvfs-backends and gvfs-fuse, and add your users to the "fuse" group (sudo adduser <user> fuse).

Thunar is missing a plugin to create network shares (bug 672539). Workaround: define custom actions (adjust the permissions (setguid) according to the samba section above).

Install Catfish to be able to search for files.

You can get rid of the space-consuming "dock" thing at the bottom by adding the desired starters to Panel 1 and deleting Panel 2 in the Panel settings. To move a panel to another location on the desktop, you need to "unlock" it in the panel settings.

For passwordless user switching, you may create and enable a nopasswdlogin group as described for GNOME, if you are using gdm (the default).

Wheezy's Xfce version does not yet have a dialog to enable touchpad-tapping clicks, you need to add an autostart item that executes the following:

/usr/bin/synclient TapButton1=1 PalmDetect=1

If you need to configure (multiple) monitors and their settings, install "arandr". It allows to save the screenlayout to a .sh file that can be called from an autostart item.

If you want more graphical configuration tools, you may install gnome-disk-utility (palimpsest) and "apt-get --no-install-recommends install gnome-system-tools".

As a photo manager, maybe install Shotwell.


...have fun! And if you encounter bugs, search the Internet, if the bug is not already filed, find the appropriate package and file a bug against it. If it concerns Debian, you can use the "reportbug" utility for that.

You can create a backup of your complete system installation state with apt-clone.

See also