Differences between revisions 82 and 83
Revision 82 as of 2012-06-17 11:42:44
Size: 10027
Comment:
Revision 83 as of 2012-06-17 12:44:58
Size: 10145
Comment:
Deletions are marked like this. Additions are marked like this.
Line 45: Line 45:
For secure and sane browsing install the following extensions with the debian package manager: xul-ext-noscript, xul-ext-adblock-plus, xul-ext-cookie-monster, xul-ext-https-everywhere, xul-ext-useragentswitcher, and xul-ext-refcontrol. (The squeeze packages are too old for recent browsers, so you need to get them through the Add-ons download.) For secure and sane browsing install the following extensions with the debian package manager: xul-ext-noscript (clean companies from default whitelist), xul-ext-adblock-plus (disable its default whitelist), xul-ext-cookie-monster, xul-ext-https-everywhere, xul-ext-useragentswitcher, and xul-ext-refcontrol. (The squeeze packages are too old for recent browsers, so you need to get them through the Add-ons download.)
Line 47: Line 47:
The requestpolicy add-on may only be available throught the Add-ons download. The requestpolicy add-on may only be available throught the Add-ons download (don't accept companies into your whitelist).

This is a community maintained list of things to do in order to get an appealing DebianDesktop. Your goal is to integrate things into debian and shorten this list.

Selecting the Debian Version

Refer to DebianReleases for information about the Debian versions.

Choose DebianStable, if you want the Computer to just work for a prolonged period of time, without the risk of new packages breaking your habbits or workflow. You may still install selected packages from http://backports.debian.org and http://mozilla.debian.net to get newer versions of specific programms and always use a current web browser.

However, if it is really important to you to always have recent versions of all the software you installed, and you are fine with constantly downloading and installing updates that may stir up a bug every once in a while, you may choose DebianTesting (see that page for more info).

Selecting a Desktop Environment

To select the desktop environment that the debian-installer installs, enter "Advanced options" on the boot screen and scroll down to "Alternative desktop environments". Otherwise, debian-installer will choose Gnome.

KDE is of course a renown heavy alternative.

Xfce is a fast and light alternative, and especially suited if you where using Gnome 2 and find Gnome 3 disappointing.

For older computers consider using LXDE or Xfce, because they are less resource hungry then Gnome or KDE.

Installing

System

Leave the root password empty, to use sudo with your regular password for system administration.

Consider setting RAMRUN and RAMLOCK to "yes" in /etc/default/rcS.

With "green" harddisk models or on laptops, install laptop-mode-tools and set CONTROL_HD_POWERMGMT=1 in /etc/laptop-mode.conf, to stop them from parking/unparking the heads every 8 seconds (clicking noise). (On NON-mobile devices you may even consider using a tool like idle3ctl to prevent load cycling alltogether.) See 'smartctl -a /dev/sdX' for your current Load_Cycle_Count.

If you need a specific program that is not in the repositories, or installed stable and need a more recent version of a program, refer to DebianSoftware.

Consider enableing single-click file opening in the file browser preferences.

If you want to adjust system wide defaults for all users, refer to DesktopDefaultSettings.

Web Browser

Follow the instructions on http://mozilla.debian.net to keep a recent web browser installed on your system.

For secure and sane browsing install the following extensions with the debian package manager: xul-ext-noscript (clean companies from default whitelist), xul-ext-adblock-plus (disable its default whitelist), xul-ext-cookie-monster, xul-ext-https-everywhere, xul-ext-useragentswitcher, and xul-ext-refcontrol. (The squeeze packages are too old for recent browsers, so you need to get them through the Add-ons download.)

The requestpolicy add-on may only be available throught the Add-ons download (don't accept companies into your whitelist).

Consider the betterprivacy extension (Add-ons download) if you need to use the flashplugin-nonfree (non-free repository).

Stop the browser from sending a hash of every Site you visit to google (ready to be added to your hashed browsing track) by disabling to block reported forgery and attack sites in the security properties.

Disable third-party cookies, enable deletion of cookies when closing (or disable all cookies), and delete the all cookies you where alread fed with against your independence.

Disable untrustable search engine "support" and of course the custom google startpage, to prevent the browser from connecting home everytime you start the browser or search something to identify you reliably. See your firewall logs to find out all the strange places your browser connects to.

Enable users to create (windows/cifs) network shares

Install samba (if not present already), then "sudo adduser <username> sambashare" to allow <username> to create file shares.

In squeeze, you also need to edit /etc/samba/smb.conf to be able to allow guest access to shares. Add

usershare allow guests = yes

to the global section, and

map to guest = bad user

below the line "; security = user".

If your router does not resolve local hostnames correctly, and your ISPs DNS servers respond with false IPs instead of returning "unknown", also enable the "name roslve order" line (remove the ";") and move "host" to the end of the list.

Additional packages you may want to install

Use apt-get install <packagename>, or the synaptic package manager to find, select and install the following packages:

  • firmware-linux* (from non-free repository may be needed even to install with certain hardware)
  • synaptic (not included with the Xfce desktop)
  • preload (will preload often used programms into ram)
  • mc (midnight commander, a console filemanager)
  • a ssh-askpass package (lets ssh use a graphical password prompt window when run under X)
  • geeqie (fast picture viewer)
  • vlc, browser-plugin-vlc, freetuxtv (video player)
  • parcellite (clipboard manager)
  • autokey (keyboard shortcuts)
  • zim (mangaging notes) Put "zim --plugin trayicon" in autostart.
  • goldendict-worldnet (english dictionary, and trans-de-en current selection with hotkey)
  • ding + trans-de-en + agrep (translations)
  • shotwell (photo manager)

Locally Shared (Group) Directories

This explains how to easily share files, pictures, shared documents, etc. on a multi-user system (family PCs, servers etc.).

Because Debian uses a user private group (UPG) scheme by default, the default permissions for new files (umask) can be set to allow write access to the group by default. Explanation at RedHat website.

To create groups use "addgroup <GROUPNAME>" as root. For example on your home PC you could create a group "family" and add the appropriate users to it.

Then create a family group directory: Do "mkdir /home/family", give it to the group with "chown :family /home/family" and change its permissions for example with  chmod u+rwx,g+rws,o-rwx /home/family  to a privately shared set-group-id directory (in octal notation: 2770).

Finally, change the default umask to 002. Unless libpam-umask is installed (see below), this has to be set in /etc/profile and /etc/login.defs . Now family group members can work with each other's files in the group directory without permission hassle.

If you've already got an existing directory full of files (pictures/music/whatever), this script might save you some time.

Until bug 646692 is fixed, you need to configure /etc/pam.d/common-session:

session    optional     pam_umask.so usergroups


There is another (more complicated) way to do this as well using Access Control Lists (ACLs). Check here and here for more information.

In a nutshell:
apt-get install acl
sarge kernels: filesystems supported -> ext2,ext3,jfs,xfs
etch kernels support: ext2,ext3,reiserfs,jfs,xfs,nfs (with module nfs_acl)
change /etc/fstab options for drive you want to use acls on
ie
/dev/hda5       /pub       ext3    defaults,acl    0       0
cd /pub
mkdir family
setfacl -m d:u::rwx,d:g:family:rw,d:m:rw,d:o:--- family
        this will set the umask of the family directory such that all files created will be -rw-rw----+ and all directories created will be drwxrwS---+. This might not be entirely correct. At the very least, NFS has to be configured for ACLs, or an NFS server on Sarge and NFS Client in Etch can't handle ACLs.
"getfacl family" will show you the permissions.
  • Good information James. Maybe move ACL stuff to a separtate page like ?FilesystemAccessControlLists and reference it from this how to? MultiUserManagement translation may also be of interest for you. Have you subscribed this page?


Desktop Specific Adaptions

Gnome

To create network shares with Gnome's nautilus, install package "nautilus-share".

To enable the "Password: not asked at login" option for users in System > Administration > Users and Groups (needed for guest account user switching), create the nopasswdlogin group and and enable it in pam by adding

auth sufficient pam_succeed_if.so user ingroup nopasswdlogin

to /etc/pam.d/gdm. Make sure this line goes right before the first line that contains "pam_unix.so"

Xfce

For network browsing, install gvfs-backends and gvfs-fuse and add your users to the 'fuse' group (sudo adduser <user> fuse). In squeeze, you also need to install and use gigolo, because the thunar file browser version in sqeeze is not yet able to browse network shares (windows/cifs) directly.

To create network shares with Xfce's thunar, follow these steps.

Install catfish to be able to search for files.

In wheezy, you can get rid of the space consuming "dock" thing by adding the desired starters to Pannel 1 and deleting Panel 2 in the Pannel settings. You can move the panel to another location on the desktop while it is unlocked it in the settings.

You may create and enable nopasswdlogin group as describen for Gnome, and simply use 'adduser <user> nopasswdlogin' to add users to that group (no need to install gnome-system-tools' users-admin).

Finaly

...have fun! And if you encounter bugs search the net, if the bug is not already filed, find the appropriate package and file a bug against it. If it concerns Debian simply use the "reportbug" utility for that.