Differences between revisions 124 and 125
Revision 124 as of 2012-11-06 08:31:07
Size: 12650
Comment:
Revision 125 as of 2012-11-06 08:46:52
Size: 12701
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
This is a community maintained list of things to do in order to get an appealing DebianDesktop. Your should keep this page up to date and integrate things into debian to shorten the list. This is a community maintained list of things to do in order to get an appealing DebianDesktop. If you know any news, you should keep this page up to date. If you are able to integrate things into debian, you may help to shorten the list.

This is a community maintained list of things to do in order to get an appealing DebianDesktop. If you know any news, you should keep this page up to date. If you are able to integrate things into debian, you may help to shorten the list.

Selecting the Debian Version

Refer to Debian Releases for more information about the Debian versions.

~2 year stable released versions + updates

Choose Debian Stable if you want the computer to just work for a prolonged period of time, without the risk of new packages breaking your habbits or workflow. You may still install selected packages from the Debian Backports and Debian Mozilla team repositiories to get newer versions of specific programs and always use a current web browser.

recent rolling versions

If it is really important to you to always have recent versions of all the installed software rolling onto your desktop or laptop, and you are fine with constantly downloading and installing updates that may stir up a bug every once in a while, you may choose Debian Testing.

current rolling versions

Well, if you are sure you really need this for all the installed packages, you should learn about Debian Sid.

Selecting a Desktop Environment

To select the desktop environment that the debian-installer installs, enter "Advanced options" on the boot screen and scroll down to "Alternative desktop environments". Otherwise, debian-installer will choose Gnome.

KDE is of course a renown heavy alternative.

Xfce is a fast and light alternative, and especially suited if you were using Gnome 2 and find Gnome 3 disappointing.

For older computers consider using LXDE or Xfce, because they are less resource hungry then Gnome or KDE.

Installing

System

Leave the root password empty, to use sudo with your regular password for system administration.

Consider setting RAMRUN and RAMLOCK to "yes" in /etc/default/rcS.

bug 653760 The audio group must not have any members, otherwise consolekit won't adjust audio permissions (ACLs) when switching between users.

To get the correct umask that leverages the private user groups (see group dirs below), you need to configure the umask adaption in /etc/pam.d/common-session manually until bug 646692 is fixed:

echo "session optional pam_umask.so usergroups" >> /etc/pam.d/common-session

Additionally, the gnome display manager (gdm) overrides the system's default umask. Thus, if you use gdm you may try to fix it, or just install another dm like kdm, slim, or (since wheezy) LightDM.

With "green" harddisk models or on laptops, install laptop-mode-tools and set CONTROL_HD_POWERMGMT=1 in /etc/laptop-mode.conf, to stop them from parking/unparking the heads every 8 seconds (clicking noise). (On NON-mobile devices you may even consider using a tool like idle3ctl to prevent load cycling alltogether.) See 'smartctl -a /dev/sdX' for your current Load_Cycle_Count.

If you need a specific program that is not in the repositories, or installed stable and need a more recent version of a program, refer to DebianSoftware.

Set up checking of the local /var/mail/<user> mailbox (e.g. add a mail notification icon to the panel).

Depending on the chosen desktop environment, your habit and the strain on your fingers, you may have to enable/disable single-click file opening in the file browser's preferences.

If you want to adjust system wide defaults for all users, refer to DesktopDefaultSettings.

Web Browser

With squeeze, you will need to enable the backports repository to have an extended support release (ESR) version of the mozilla browser on your system. (Follow the instructions on http://mozilla.debian.net)

For secure and sane browsing, install the following extensions with the debian package manager: xul-ext-noscript (clean companies from default whitelist), xul-ext-adblock-plus (disable its default whitelist), xul-ext-cookie-monster, xul-ext-https-everywhere, xul-ext-useragentswitcher(set genericly), and xul-ext-refcontrol(set to block). The squeeze packages of these add-ons are too old for the ESR browser versions, so you need to install these add-ons through the mozilla Add-ons tool (menu entry).

Disable third-party cookies, enable deletion of cookies when closing the browser (or disable all cookies), and delete the all cookies you where already fed with against your independence.

The add-ons HTTPS-Finder and ?RequestPolicy (remove the companies it sneaks into your whitelist) may only be available through the Add-ons download.

If you need to use the flashplugin-nonfree, it is in the non-free repository, and consider installing the betterprivacy extension.

Stop the browser from sending a hash of every Site you visit to google (ready to be added to your hashed browsing track) by disabling the options flagged as "block reported forgery and attack sites" in the security properties.

Disable the search engine "support" and of course the custom google startpage, to prevent the browser from connecting there everytime you start the browser or search something and identifying you reliably in the process.

See https://panopticlick.eff.org to find out how generic your fingerprint on the web really is, and monitor your firewall logs to even get to know the strange places your computer connects to.

Enable users to create (windows/cifs) network shares

Install samba (if not present already), then "sudo adduser <username> sambashare" to allow <username> to create file shares.

To avoid that samba creates files as the reserved user "nobody" (who should never own any files on the system), create a "sambaguest" user and add the following to the global section of /etc/samba/smb.conf:

guest account = sambaguest

To ensure that files created by samba guests are locally accessible, add this to the global section of /etc/samba/smb.conf:

inherit permissions = yes

Also remember to "chmod g+s" the directories of writable shares to be setguid dirs and set their read/write permissions according to the allowed samba users (i.e. publicly to enable guest access). (bug 678834) The "inherit permissions = yes" option lets samba create files with the permissions of the containing directory (x bits are still mapped to the windows' archive,hidden,system flags).

In squeeze, you also still need to add the following to /etc/samba/smb.conf to be able to allow guest access to shares:

usershare allow guests = yes

to the global section, and

map to guest = bad user

below the line "; security = user".

If your router does not resolve local hostnames correctly, and your ISPs DNS servers respond with false IPs instead of returning "unknown", also enable the "name resolve order" line (remove the ";") and move "host" to the end of the list.

(Locally Shared) Group Directories

With the umask correction from above, plus some default skeleton directories, debian can easily provide a really nice out of the box user collaboration experience: Users can simply collaborate on files, pictures, documents, etc. on multi-user systems (e.g. family PCs, servers etc.) in their group directories. Out of the box, the default group "users" allows all users to collaborate on files in /home/users, for finer grained collaboration, you can set up additional user groups.

See the UserPrivateGroups (UPG) wiki page for details. https://wiki.ubuntu.com/MultiUserManagement


There is another (more complicated) way to do this as well using Access Control Lists (ACLs). Check here and here for more information.

In a nutshell:
apt-get install acl
sarge kernels: filesystems supported -> ext2,ext3,jfs,xfs
etch kernels support: ext2,ext3,reiserfs,jfs,xfs,nfs (with module nfs_acl)
change /etc/fstab options for drive you want to use acls on
ie
/dev/hda5       /pub       ext3    defaults,acl    0       0
cd /pub
mkdir family
setfacl -m d:u::rwx,d:g:family:rw,d:m:rw,d:o:--- family
        this will set the umask of the family directory such that all files created will be -rw-rw----+ and all directories created will be drwxrwS---+. This might not be entirely correct. At the very least, NFS has to be configured for ACLs, or an NFS server on Sarge and NFS Client in Etch can't handle ACLs.
"getfacl family" will show you the permissions.
  • Good information James. Maybe move ACL stuff to a separtate page like ?FilesystemAccessControlLists and reference it from this how to? MultiUserManagement translation may also be of interest for you. Have you subscribed this page?


Additional packages you may want to install

Use apt-get install <packagename>, or the synaptic package manager to find, select and install the following packages:

  • firmware-linux* (from non-free repository may be needed even to install with certain hardware)
  • apt-get install -t squeeze-backports libreoffice (apt-get required as long as synaptic won't handle backports dependencies)
  • synaptic (not included with the Xfce desktop)
  • preload (will preload often used programms into ram)
  • mc (midnight commander, a console filemanager)
  • a ssh-askpass package (lets ssh use a graphical password prompt window when run under X)
  • geeqie (fast picture viewer)
  • vlc, browser-plugin-vlc, freetuxtv (video player)
  • parcellite (clipboard manager)
  • autokey (keyboard shortcuts)
  • zim (mangaging notes) + scrot (for screenshot plugin) Put "zim --plugin trayicon" in autostart.
  • goldendict-worldnet (english dictionary, and trans-de-en current selection with hotkey)
  • ding + trans-de-en + agrep (translations)

Desktop Specific Adaptions

Gnome

To create network shares with Gnome's nautilus, install package "nautilus-share".

To enable the greyed "Password: not asked at login" option for users in System > Administration > Users and Groups (Needed for (guest) account switching in addition to auto login.): Create the nopasswdlogin group,

sudo addgroup --system nopasswdlogin

and add the following to gdm's pam config in /etc/pam.d/gdm:

auth sufficient pam_succeed_if.so user ingroup nopasswdlogin

Make sure this line goes right before the "@include common-auth" line. You can use 'sudo adduser <user> nopasswdlogin' to add a user to the group.

Xfce

For network browsing, install gvfs-backends and gvfs-fuse and add your users to the 'fuse' group (sudo adduser <user> fuse). In squeeze, you also need to install and use gigolo, because the thunar file browser version in squeeze is not yet able to browse network shares (windows/cifs) directly.

This plugin is needed to create network shares with Xfce's thunar. Workaround: define custom actions (adjust the permissions (setguid) according to the samba section above).

Install catfish to be able to search for files.

In wheezy, you can get rid of the space consuming "dock" thing by adding the desired starters to Pannel 1 and deleting Panel 2 in the Pannel settings. You can move the panel to another location on the desktop while it is unlocked it in the settings.

For passwordless user swiching, you may create and enable a nopasswdlogin group as described for gnome, if you are using gdm (the default).

With debian squeeze on laptops with touchpads, you may want to add an autostart item that configures tap-clicking:

/usr/bin/synclient TapButton1=1 PalmDetect=1

If you want gui configuration tools, you may install gnome-disk-utility (palimpsest) and 'apt-get --no-install-recommends install gnome-system-tools'.

As photo manager maybe shotwell.

Finally

...have fun! And if you encounter bugs search the net, if the bug is not already filed, find the appropriate package and file a bug against it. If it concerns Debian you can use the "reportbug" utility for that.

Starting with wheezy, you can save your systems installation state with apt-clone.