Differences between revisions 47 and 48
Revision 47 as of 2006-01-10 10:15:09
Size: 6092
Editor: ?HolgerKrause
Comment: typos: optinal, simmilar, usualy
Revision 48 as of 2006-03-21 21:45:30
Size: 7217
Editor: ?JamesRose
Comment:
Deletions are marked like this. Additions are marked like this.
Line 43: Line 43:
== Shared Directories ==
Line 44: Line 45:
You might want to consider doing this, if you have large directories of music files, pictures, shared documents, etc. For most multi-user systems (family PCs) this is a very appealing idea.

I'm leaving what's written below, but it's probably not a good idea to change your umask. This will set any new file created as group writable. Depending on what part of the system you're in, this could be a bad thing. This is a problem I've yet to find a solution for, so if anyone knows a better answer, please add it, and if I'm over-reacting, feel free to say so on this page.

Most common Linux filesystems (AFAIK) don't have the ability to change the umask on a per-directory basis. It doesn't appear possible for the umask to be set in fstab for a modern filesystem (at least I haven't figured out how with nfs,ext3,jfs,xfs...). libpam-umask, doesn't seem to address the problem either (although it does allow an easy place for a per-user umask).

{{{
Line 45: Line 53:
}}}

For reference, a pretty good permissions primer can be found at: "http://linsec.ca/filesystems.php"
Line 47: Line 58:
== CUPS Printing System ==

This page is here so we can keep a list of things one needs to do in order to install a basic debian-desktop. The goal is to shorten this list integrating things into debian. For more details see the subpages of ["DebianDesktop"].


Boot from a Sarge install CD. Enter "linux26" at the bootprompt to get a 2.6 kernel and udev installed. Then install the base-system to your needs.

When prompted by "tasksel" select the following task:

 * desktop-environment

After base-config is done there are some things left to do:

Add additional user accounts you may need (with "adduser <NAME>"). (adduser #240855)

You can statically add the users into appropriate groups by iterating "adduser <NAME> <GROUP>".

A more appropriate way to add many/all users by default is to use pam_group that dynamically adds users to groups during authentification (see below for instructions).

You probably want some users to be members of some of the following groups: audio, plugdev, camera, video (nvidia drivers?), floppy, cdrom, tape and maybe scanner, fax, dip (for "dial-ip", connect to Internet with pon/poff as set up by pppconfig) or dialout (full serial ports/modem access). Beware, there are some groups you don't want to add users to! (i.e. like games or disk, see /usr/share/doc/base-passwd/users-and-groups).

Users that should be allowed to use (pmount'ed) usb sticks etc. need to be a member of the plugdev group.

To enable pam_group you can add it to /etc/pam.d/common-auth like this echo "auth    optional        pam_group.so" >> /etc/pam.d/common-auth

then configure /etc/security/group.conf similar to this:

login;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip
kdm;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip,video
gdm;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip,video

In GNOME, devices will pop up automatically for plugdev users.

KDE 3.3 shipped with Sarge unfortunately does not yet listen to hal-events or support pmount. The devices won't show up automatically, however plugdev users will be able to handle them manualy with pmount/pumount if installed. In order to make USB pens automaticly appear in KDE 3.3's devices tab (or on the desktop if configured in Desktop Properties) you can install the updfstab or hotplug-mount.pl (dynamicly reconfigures autofs) script from http://ccomb.free.fr/wiki/wakka.php?wiki=UsbMassStorageEnglish (try to copy the URL into a new browser window if clicking on it does not work).

Shared Directories

You might want to consider doing this, if you have large directories of music files, pictures, shared documents, etc. For most multi-user systems (family PCs) this is a very appealing idea.

I'm leaving what's written below, but it's probably not a good idea to change your umask. This will set any new file created as group writable. Depending on what part of the system you're in, this could be a bad thing. This is a problem I've yet to find a solution for, so if anyone knows a better answer, please add it, and if I'm over-reacting, feel free to say so on this page.

Most common Linux filesystems (AFAIK) don't have the ability to change the umask on a per-directory basis. It doesn't appear possible for the umask to be set in fstab for a modern filesystem (at least I haven't figured out how with nfs,ext3,jfs,xfs...). libpam-umask, doesn't seem to address the problem either (although it does allow an easy place for a per-user umask).

To create new groups use "addgroup <GROUPNAME>". For example on your home PC you could create a group "family" and add the appropriate users to it. You can then make a family group directory: Do "mkdir /home/family" as root, give it to the group with "chown :family /home/family" and change its permissions "chmod 2770 /home/family" to make it a privately shared set-group-id directory. Finally, change the default umask to 002 (unless libpam-umask is installed, this has to be set in /etc/profile and /etc/login.defs). This way group members can work with each other's files in the group directory without permission hassle.

For reference, a pretty good permissions primer can be found at: "http://linsec.ca/filesystems.php"

CUPS Printing System

(default package selection) Install and configure the CUPS printing system packages as described on ["DebianCUPS"].

Start /usr/lib/openoffice/spadmin as root "add printer" and import your printers setup from /etc/foomatic/cups.

(default package selection (synaptic only recommending)) "apt-get install libgnome2-perl" if you want the Gnome debconf frontend to actually work when you install packages. You may need to configure debconf to use "GNOME" frontend with "dpkg-reconfigure debconf" (Doesn't Synaptic let debconf start in appropriate mode within GNOME?).

(default package selection) Start up Synaptic and find, select and install the following packages:

  • anacron (desktops/laptops don't usually run all the time (at night, weekends, etc.) (alternatively fcron?)
  • If you need localized fonts: xfonts-base-transcoded and xfonts-*dpi-transcoded
  • zip and unzip
  • mc (midnight commander console filemanager)
  • ssh-askpass (lets ssh use a graphical password prompt window when run under X)

Are the following actually needed? For what benefit? They are non-free anyway:

  • x-ttcidfont-conf (needed for the next)
  • msttcorefonts (to display some webpages and documents correctly)


Now some configuring:

To actually make use of the private user groups in debian set "umask 002" in /etc/login.defs, /etc/profile and other shell config files, or better: install libpam-umask and you can centrally set a real system wide default umask with a line like this in /etc/pam.d/common-session:

session    optional     pam_umask.so umask=002

(Additionaly remove all umask lines from /etc/login.defs, /etc/profile etc.)

The central settings for KDE in /etc/kde3 could also need some tweaking:

  • set CUPS as default printing system (Put the following into /etc/kde3/kdeprintrc)

  ["General"]
  PrintSystem=cups
  • If you like, make $HOME to be your Desktop for consistency. (Put the following into /etc/kde3/kdeglobals)

   ["Paths"]
   Desktop=$HOME
   Trash=$HOME/Trash/
  • If you need particular KDE system defaults like proxy, javascript and cookie policy etc., set them in the same way, too. http://www.kde.org/areas/sysadmin has more info about the configuration files, including making settings immutable to users.

...have fun! And if you encounter bugs search the net, if the bug is not already filed, find the appropriate package and the file a bug against it, if it concerns Debian simply use the "reportbug" utility for that.

Troubleshooting

For manual setup of the graphic you can use dpkg-reconfigure xserver-xfree86.

An alternative automatic configuration of the x-server is to install xdebconfigurator, run it, and then dexconf to generate a valid ["XF86config"].

Things that have already been integrated

  • autoconfiguration of the xserver