Differences between revisions 150 and 151
Revision 150 as of 2012-11-25 14:27:49
Size: 13614
Comment:
Revision 151 as of 2012-11-27 12:52:26
Size: 13717
Comment:
Deletions are marked like this. Additions are marked like this.
Line 129: Line 129:
Consider BFilter. http://bfilter.sourceforge.net (newer Packages: http://wiki.ubuntuusers.de/bfilter)

This is a community maintained list of things to do in order to get an appealing DebianDesktop installation. If you have any news, you should keep this page up to date. If you are able to integrate things into debian, you may help to shorten the list.

Select Appropriate Debian Release

Refer to Debian Releases for more information about the Debian versions.

using (released) stable versions + security updates and selected newer backport packages (a full distribution upgrade is made available about every two years)

Choose Debian Stable if you want the computer to just work for a prolonged period of time, without the risk of new packages breaking your habbits or workflow. You may still install more recent versions of selected packages from the Debian Backports and Debian Mozilla team repositiories, to get newer versions of specific programs and to always use a current web browser.

using rolling (recent) testing package versions (distributed for public testing)

If it is important to you to have recent versions of all the installed software rolling onto your desktop or laptop, and you are fine with constantly downloading and installing updates that may stir up a bug every once in a while, you may choose Debian Testing.

using rolling (currently new) unstable package versions (they just made it out of the debian developer "labs")

Well, if you are sure you really need this for all the installed packages, you should learn about Debian "Sid".

Select a Desktop Environment

To select the desktop environment that the debian-installer installs, enter "Advanced options" on the boot screen and scroll down to "Alternative desktop environments". Otherwise, debian-installer will choose Gnome.

KDE is of course a renown heavy alternative.

Xfce is a fast and light alternative, and especially suited if you were using Gnome 2 and find Gnome 3 disappointing.

For older computers consider using LXDE or Xfce, because they are less resource hungry then Gnome or KDE.

Beginning with wheezy, you can also install e17 (enlightment) that even provides a touchscreen mode.

Installing

System

To use sudo and your regular password for system administration, leave the root password empty during installation.

Especially for SSD drives, and to keep laptop drives spun down to save power, you should minimize disk writes as described at SSD Optimizations.

bug 653760 The audio group must not have any members, otherwise consolekit won't adjust audio permissions (ACLs) when switching between users.

To get the correct umask that leverages the private user groups (see group dirs below), you need to configure the umask adaption in /etc/pam.d/common-session manually until bug 646692 is fixed:

echo "session optional pam_umask.so usergroups" >> /etc/pam.d/common-session

Additionally, the gnome display manager (gdm) overrides the system's default umask. Thus, if you use gdm you may try to fix it, or just install another dm like kdm, slim, or (since wheezy) LightDM.

"Green" or laptop harddisk models often suffer from parking/unparking their heads every 10 seconds or so, causing excessive wear. Check 'smartctl -a /dev/sdX' to see your current Load_Cycle_Count. As a countermeasure, install laptop-mode-tools and set CONTROL_HD_POWERMGMT=1 in /etc/laptop-mode.conf (sets "hdparm -B 254" on AC to stop those clicks). Alernatively, you may be able to set the hard drives's head parking idle timout to something like 1-3 Minutes, or to disable the timeout altogether on NON-mobile devices (idle3-tools), have a process generate more frequent disk activity as long as it sees other activity (https://code.google.com/p/wdsaver), or hunt down and eliminate the source of the periodic disk accesses (probably log messages).

Enable users to create (windows/cifs) network shares

Install samba (if not present already), then "sudo adduser <username> sambashare" to allow <username> to create file shares.

To avoid that samba creates files as the reserved user "nobody" (who should never own any files on the system), create a "sambaguest" user and add the following to the global section of /etc/samba/smb.conf:

guest account = sambaguest

To ensure that files created by samba guests are locally accessible, add this to the global section of /etc/samba/smb.conf:

inherit permissions = yes

Also remember to "chmod g+s" the directories of writable shares to be setguid dirs and set their read/write permissions according to the allowed samba users (i.e. publicly to enable guest access). (bug 678834) The "inherit permissions = yes" option lets samba create files with the permissions of the containing directory (x bits are still mapped to the windows' archive,hidden,system flags).

In squeeze, you also still need to add the following to /etc/samba/smb.conf to be able to allow guest access to shares:

usershare allow guests = yes

to the global section, and

map to guest = bad user

below the line "; security = user".

If your router does not resolve local hostnames correctly, and your ISPs DNS servers respond with false IPs instead of returning "unknown", also enable the "name resolve order" line (remove the ";") and move "host" to the end of the list.

(Locally Shared) Group Directories

With the umask correction from above, plus some default skeleton directories, debian can easily provide a really nice out of the box user collaboration experience: Users can simply collaborate on files, pictures, documents, etc. on multi-user systems (e.g. family PCs, servers etc.) in their group directories. Out of the box, the default group "users" allows all users to collaborate on files in /home/users, for finer grained collaboration, you can set up additional user groups.

See the UserPrivateGroups (UPG) wiki page for details. https://wiki.ubuntu.com/MultiUserManagement


There is another (more complicated) way to do this as well using Access Control Lists (ACLs). Check here and here for more information.

In a nutshell:
apt-get install acl
sarge kernels: filesystems supported -> ext2,ext3,jfs,xfs
etch kernels support: ext2,ext3,reiserfs,jfs,xfs,nfs (with module nfs_acl)
change /etc/fstab options for drive you want to use acls on
ie
/dev/hda5       /pub       ext3    defaults,acl    0       0
cd /pub
mkdir family
setfacl -m d:u::rwx,d:g:family:rw,d:m:rw,d:o:--- family
        this will set the umask of the family directory such that all files created will be -rw-rw----+ and all directories created will be drwxrwS---+. This might not be entirely correct. At the very least, NFS has to be configured for ACLs, or an NFS server on Sarge and NFS Client in Etch can't handle ACLs.
"getfacl family" will show you the permissions.
  • Good information James. Maybe move ACL stuff to a separtate page like ?FilesystemAccessControlLists and reference it from this how to? MultiUserManagement translation may also be of interest for you. Have you subscribed this page?


Web Browser

With squeeze, you will need to enable the backports repository to have an extended support release (ESR) version of the mozilla browser on your system. (Follow the instructions on http://mozilla.debian.net)

For secure and sane browsing, install the following extensions with the debian package manager: xul-ext-noscript (clean companies from default whitelist), xul-ext-adblock-plus (disable its default whitelist), xul-ext-cookie-monster, xul-ext-https-everywhere, xul-ext-useragentswitcher(set genericly), and xul-ext-refcontrol(set to block). The squeeze packages of these add-ons are too old for the ESR browser versions, so you need to install these add-ons through the mozilla Add-ons tool (menu entry).

Disable third-party cookies, enable deletion of cookies when closing the browser (or disable all cookies), and delete the all cookies you where already fed with against your independence.

The add-ons HTTPS-Finder and ?RequestPolicy (remove the companies it sneaks into your whitelist) may only be available through the Add-ons download.

If you need to use the flashplugin-nonfree, it is in the non-free repository, and consider installing the betterprivacy extension.

Stop the browser from sending a hash of every Site you visit to google (ready to be added to your hashed browsing track) by disabling the options flagged as "block reported forgery and attack sites" in the security properties.

Disable the search engine "support" and of course the custom google startpage, to prevent the browser from connecting there everytime you start the browser or search something and identifying you reliably in the process.

See https://panopticlick.eff.org to find out how generic your fingerprint on the web really is, and monitor your firewall logs to even get to know the strange places your computer connects to.

Consider BFilter. http://bfilter.sourceforge.net (newer Packages: http://wiki.ubuntuusers.de/bfilter)

Additional packages you may want to install

Use apt-get install <packagename>, or the synaptic package manager to find, select and install the following packages:

  • firmware-linux* (from non-free repository may be needed even to install with certain hardware)
  • apt-get install -t squeeze-backports libreoffice (apt-get required as long as synaptic won't handle backports dependencies)
  • synaptic (not included with the Xfce desktop)
  • preload (will preload often used programms into ram)
  • mc (midnight commander, a console filemanager)
  • a ssh-askpass package (lets ssh use a graphical password prompt window when run under X)
  • geeqie (fast picture viewer)
  • vlc, browser-plugin-vlc, freetuxtv (video player)
  • parcellite (clipboard manager)
  • autokey (keyboard shortcuts)
  • zim (mangaging notes) + scrot (for screenshot plugin) Put "zim --plugin trayicon" in autostart.
  • goldendict-worldnet (english dictionary, and trans-de-en current selection with hotkey)
  • ding + trans-de-en + agrep (translations)

User

Set up checking of the local /var/mail/<user> mailbox (e.g. add a mail notification icon to the panel).

Depending on the chosen desktop environment, your habit and the strain on your fingers, you may have to enable/disable single-click file opening in the file browser's preferences.

If you need a specific program that is not in the repositories, or installed stable and need a more recent version of a program, refer to DebianSoftware.

If you want to adjust system wide defaults for all users, refer to DesktopDefaultSettings.

Desktop Specific Adaptions

Gnome

To create network shares with Gnome's nautilus, install package "nautilus-share".

To enable the greyed "Password: not asked at login" option for users in System > Administration > Users and Groups (Needed for (guest) account switching in addition to auto login.): Create the nopasswdlogin group,

sudo addgroup --system nopasswdlogin

and add the following to gdm's pam config in /etc/pam.d/gdm:

auth sufficient pam_succeed_if.so user ingroup nopasswdlogin

Make sure this line goes right before the "@include common-auth" line. You can use 'sudo adduser <user> nopasswdlogin' to add a user to the group.

Xfce

For network browsing, install gvfs-backends and gvfs-fuse and add your users to the 'fuse' group (sudo adduser <user> fuse). In squeeze, you also need to install and use gigolo, because the thunar file browser version in squeeze is not yet able to browse network shares (windows/cifs) directly.

This plugin is needed to create network shares with Xfce's thunar. Workaround: define custom actions (adjust the permissions (setguid) according to the samba section above).

Install catfish to be able to search for files.

In wheezy, you can get rid of the space consuming "dock" thing by adding the desired starters to Pannel 1 and deleting Panel 2 in the Pannel settings. You can move the panel to another location on the desktop while it is unlocked it in its settings.

For passwordless user swiching, you may create and enable a nopasswdlogin group as described for gnome, if you are using gdm (the default).

Up to debian wheezy on laptops with touchpads, you may want to add an autostart item that configures tap-clicking:

/usr/bin/synclient TapButton1=1 PalmDetect=1

If you want gui configuration tools, you may install gnome-disk-utility (palimpsest) and 'apt-get --no-install-recommends install gnome-system-tools'.

As photo manager maybe install shotwell.

Finally

...have fun! And if you encounter bugs search the net, if the bug is not already filed, find the appropriate package and file a bug against it. If it concerns Debian you can use the "reportbug" utility for that.

Starting with wheezy, you can save your systems installation state with apt-clone.