|Deletions are marked like this.||Additions are marked like this.|
|Line 206:||Line 206:|
|* [[SecurePersonalComputer]], another similar guide||* [[SetupGuides/SecurePersonalComputer]], another similar guide|
This is a community-maintained list of things to do in order to get an appealing DebianDesktop installation. If you have any additions, you should keep this page up to date. If you are able to integrate things into Debian, please help to shorten the list.
Select Appropriate Debian Release
- Using (released) stable versions + security updates and selected newer backport packages? (a full distribution upgrade is made available about every two years)
- Using rolling (recent) testing package versions? (distributed for public testing)
- Using rolling (currently new) unstable package versions? (they just made it out of the Debian developer "labs")
- Select a Desktop Environment
- Desktop Specific Adaptions
- See also
Select Appropriate Debian Release
Refer to Debian Releases for more information about the Debian versions, but the following ideas may guide your decision.
Using (released) stable versions + security updates and selected newer backport packages? (a full distribution upgrade is made available about every two years)
Choose Debian Stable if you want the computer to just work for a prolonged period of time, without the risk of new packages breaking your habits or workflow. You may still install more recent versions of selected packages, e.g. from the Debian Backports and Debian Mozilla team repositories, to get newer versions of specific programs and to always use a current web browser.
Using rolling (recent) testing package versions? (distributed for public testing)
If it is important to you to have recent versions of all the installed software continuously rolling onto your desktop or laptop, and you are fine with constantly downloading and installing updates that may stir up a bug every once in a while, you may choose Debian Testing.
Using rolling (currently new) unstable package versions? (they just made it out of the Debian developer "labs")
Well, if you are sure you really need this for all the installed packages, you should learn about Debian "Sid".
Please refer to the Firmware Page to determine if and how you may need to download firmware for a successful installation.
Official installation images are available from the Debian download page.
Select a Desktop Environment
To select the desktop environment that the debian-installer installs, enter "Advanced options" on the boot screen and scroll down to "Alternative desktop environments". Otherwise, debian-installer will choose GNOME.
KDE is of course a renowned, heavy alternative.
Xfce is a fast and light alternative, and especially suited if you were using GNOME 2 and find GNOME 3 disappointing.
For older computers, consider using LXDE or Xfce, because they are less resource-hungry than GNOME or KDE.
Or, you may choose e17 (Enlightenment), a new candidate that also features a touchscreen mode.
To use sudo and your regular password for system administration, leave the root password empty during installation.
There is a neat universal partitioning scheme you can set up, especially if you have an SSD, may want redundant drives, or want to keep laptop drives spun down to lower noise and power consumption. Find it together with instructions on how to minimize disk writes as at SSD Optimizations.
Bug 653760 - The audio group must not have any members, otherwise consolekit won't adjust audio permissions (ACLs) when switching between users.
To get the correct umask that leverages the private user groups (see group dirs below), you need to configure the umask adaption in /etc/pam.d/common-session manually until the bug 646692 is fixed:
echo "session optional pam_umask.so usergroups" >> /etc/pam.d/common-session
Note that the GNOME display manager (gdm) overrides the system's default umask. Thus, if you use gdm you may try to fix it, or just install another dm like kdm, slim, or LightDM.
"Green" or laptop hard disk models often suffer from parking/unparking their heads every 10 seconds or so, causing excessive wear. Check 'smartctl -a /dev/sdX' to see your current Load_Cycle_Count. As a countermeasure, install laptop-mode-tools and set CONTROL_HD_POWERMGMT=1 in /etc/laptop-mode.conf (sets "hdparm -B 254" on AC to stop those clicks). Alternatively, you may be able to set the hard drive's head parking idle timeout to something like 1-3 minutes, or to disable the timeout altogether on NON-mobile devices (idle3-tools), have a process generate more frequent disk activity as long as it sees other activity (https://code.google.com/p/wdsaver), or hunt down and eliminate the source of the periodic disk accesses (probably log messages).
Check that /etc/aliases contains a root: <mail-user> line that forwards mail directed at the root user to your own user account, and execute "sudo newaliases" if changes were necessary. (And set up your mail program to check your local mailbox under /var/mail/.
To monitor hard drive health status, install smartmontools and smart-notifier, then set "start smartd = yes" in /etc/default/smartmontools.
Enable users to create (windows/cifs) network shares
Install samba (if not present already), then "sudo adduser <username> sambashare" to allow <username> to create file shares.
To avoid that samba creates files as the reserved user "nobody" (who should never own any files on the system), create a "sambaguest" user and add the following to the global section of /etc/samba/smb.conf:
guest account = sambaguest
To ensure that files created by samba guests are locally accessible, add this to the global section of /etc/samba/smb.conf:
inherit permissions = yes
Also remember to "chmod g+s" the directories of writable shares to be setguid dirs and set their read/write permissions according to the allowed samba users (i.e. publicly to enable guest access). (Bug Debian 678834)
The "inherit permissions = yes" option lets samba create files with the permissions of the containing directory (but x bits are still mapped to the Windows' system flags: archive, hidden).
If your router does not resolve local hostnames correctly, and your ISPs DNS servers respond with false IPs instead of returning "unknown", also enable the "name resolve order" line (remove the ";") and move "host" to the end of the list.
(Locally Shared) Group Directories
With the umask correction from above, plus some default skeleton directories, Debian can easily provide a really nice out-of-the-box user collaboration experience: users can simply collaborate on files, pictures, documents, etc. on multi-user systems (e.g. family PCs, servers etc.) in their group directories. Out of the box, the default group "users" allows all users to collaborate on files in /home/users; for finer grained collaboration, you can set up additional user groups.
For a recent and still maintained version of a mozilla browser, you need to enable the "release" source from mozilla.debian.net.
For secure and sane browsing, install the following extensions with the Debian package manager: xul-ext-noscript (clean companies from default whitelist), xul-ext-adblock-plus (disable its default whitelist), xul-ext-cookie-monster, xul-ext-useragentswitcher (set generically), and xul-ext-refcontrol (set to block).
The add-ons HTTPS-Everywhere, "Ref Control" and "Request Policy" (maybe remove the companies it sneaks into your whitelist) may only be available through the browser Add-ons download menu/page.
Also consider the add-ons "ghostery", and "self-destructing cookies" to block unwanted cookies, and enable deletion of required cookies once its tab is closed (if allowed and not whitelisted), and delete all the cookies you were already fed with against your independence.
If you need to use the flashplugin-nonfree, it is in the contrib repository, and consider installing the betterprivacy extension.
Stop the browser from sending Google a hash of every site you visit (ready to be added to your hashed browsing track) by disabling the options flagged as "block reported forgery and attack sites" in the security properties.
Disable the search engine "support" and of course the custom Google start page, to prevent the browser from connecting there every time you start the browser or search something and identifying you reliably in the process.
See https://panopticlick.eff.org to find out how generic your fingerprint on the web really is, and monitor your firewall logs to even get to know the strange places your computer connects to.
Additional packages you may want to install
Use apt-get install <packagename>, or the synaptic package manager to find, select and install the following packages:
- firmware-linux* (from non-free repository may be needed even to install with certain hardware)
- synaptic (not included with the Xfce desktop)
- preload (will preload often used programs into ram)
- mc (midnight commander, a console file manager)
- a ssh-askpass package (lets ssh use a graphical password prompt window when run under X)
- geeqie (fast picture viewer)
- vlc, browser-plugin-vlc, freetuxtv (video player)
- parcellite or clipit (lightweight clipboard manager)
- autokey (keyboard shortcuts)
- zim (managing notes) + scrot (for screenshot plugin) Put "zim --plugin trayicon" in autostart.
- (e.g. on SSDs autosave after ten minutes instead of 10 seconds: ~/.config/zim/preferences.conf: autosave_timeout=600)
- goldendict-worldnet (english dictionary, and trans-de-en current selection with hotkey)
- ding + trans-de-en + agrep (translations)
- backintime (backup program)
Set up checking of the local /var/mail/<user> mailbox (e.g. add a mail notification icon to the panel).
Depending on the chosen desktop environment, your habit and the strain on your fingers, you may have to enable/disable single-click file opening in the file browser's preferences.
If you need a specific program that is not in the repositories, or installed stable and need a more recent version of a program, refer to DebianSoftware.
If you want to adjust system-wide defaults for all users, refer to DesktopDefaultSettings.
Desktop Specific Adaptions
To create network shares with Nautilus, install package "nautilus-share".
To enable the greyed "Password: not asked at login" option for users in System > Administration > Users and Groups (Needed for (guest) account switching in addition to auto login.): Create the nopasswdlogin group,
sudo addgroup --system nopasswdlogin
and add the following to gdm's pam config in /etc/pam.d/gdm:
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
Make sure this line goes right before the "@include common-auth" line. You can use "sudo adduser <user> nopasswdlogin" to add a user to the group.
For network browsing in the thunar file manager, install gvfs-backends and gvfs-fuse, and add your users to the "fuse" group (sudo adduser <user> fuse).
Install Catfish to be able to search for files.
You can get rid of the space-consuming "dock" thing at the bottom by adding the desired starters to Panel 1 and deleting Panel 2 in the Panel settings. To move a panel to another location on the desktop, you need to "unlock" it in the panel settings.
For passwordless user switching, you may create and enable a nopasswdlogin group as described for GNOME, if you are using gdm (the default).
Wheezy's Xfce version does not yet have a dialog to enable touchpad-tapping clicks, you need to add an autostart item that executes the following:
/usr/bin/synclient TapButton1=1 PalmDetect=1
If you need to configure (multiple) monitors and their settings, install "arandr". It allows to save the screenlayout to a .sh file that can be called from an autostart item.
If you want more graphical configuration tools, you may install gnome-disk-utility (palimpsest) and "apt-get --no-install-recommends install gnome-system-tools".
As a photo manager, maybe install Shotwell.
...have fun! And if you encounter bugs, search the Internet, if the bug is not already filed, find the appropriate package and file a bug against it. If it concerns Debian, you can use the "reportbug" utility for that.
You can create a backup of your complete system installation state with apt-clone.
SetupGuides/SecurePersonalComputer, another similar guide