This page is here so we can keep a list of things one needs to do in order to install a basic debian-desktop. The goal is to shorten this list integrating things into debian. For more details see the subpages of ["DebianDesktop"].


Boot from a Sarge install CD. Enter "linux26" at the bootprompt to get a 2.6 kernel and udev installed. Then install the base-system to your needs.

When prompted by "tasksel" select the following task:

 * desktop-environment

After base-config is done there are some things left to do:

Default group memberships

Add additional user accounts you may need (with "adduser <NAME>"). (adduser #240855)

You can statically add the users into appropriate groups by iterating "adduser <NAME> <GROUP>".

Yet, a more appropriate way to add many/all users by default is to use pam_group that dynamically adds users to groups during authentification (see below for instructions).

You probably want some users to be members of some of the following groups: audio, plugdev, camera, video, floppy, cdrom, tape and maybe scanner, fax, dip (for "dial-ip", ppp connections to Internet with pon/poff as set up by pppconfig) or dialout (full serial ports/modem access).

Beware, there are some groups you don't want to have your users in! (i.e. like games (for game apps to keep high-scores) or disk (raw disk access), see /usr/share/doc/base-passwd/users-and-groups).

Users that should be allowed to use (pmount'ed) usb sticks etc. need to be a member of the plugdev group.

To enable pam_group you can add it to /etc/pam.d/common-auth like this

echo "auth    optional        pam_group.so" >> /etc/pam.d/common-auth

then configure /etc/security/group.conf similar to this:

login;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip
kdm;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip,video
gdm;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip,video

In GNOME, devices will pop up automatically for users in the plugdev group: IMPORTANT NOTE: This procedure doesn't work anymore on Debian Lenny, does anybody know how to recover it?

KDE 3.3 shipped with Sarge unfortunately does not yet listen to hal-events or support pmount. The devices won't show up automatically. However plugdev users will be able to handle them manualy using pmount/pumount if installed.

In order to make USB pens automaticly appear in KDE 3.3's devices tab (or on the desktop if configured so in Desktop Properties) you can install the updfstab or the hotplug-mount.pl (create an autofs map instead of modifying the fstab) script from http://ccomb.free.fr/wiki/wakka.php?wiki=UsbMassStorageEnglish to handle the automatic mounting.

Shared Directories

This is handy to easily share files, pictures, shared documents, etc. on multi-user systems (family PCs etc.).

Because Debian uses a user private group (UPG) scheme by default, the default permissions for new files (umask) can be set to allow write access to the group.

To create groups use "addgroup <GROUPNAME>" as root. For example on your home PC you could create a group "family" and add the appropriate users to it.

Then create a family group directory: Do "mkdir /home/family", give it to the group with "chown :family /home/family" and change its permissions for example with  chmod u+rwx,g+rws,o-rwx /home/family  to a privately shared set-group-id directory (in octal notation: 2770).

Finally, change the default umask to 002. Unless libpam-umask is installed (see below), this has to be set in /etc/profile and /etc/login.defs . Now family group members can work with each other's files in the group directory without permission hassle.

If you've already got an existing directory full of files (pictures/music/whatever), [http://www.stubbornroses.com/setgid this script might save you some time].


Security Note: It is not always a good idea to change your umask. This will set any new file created as group writable. Depending on what part of the system you're in, this could be a bad thing. UPG Schemes do take most of the worry away; just be cognizant of these facts when you create files in any 'special' directories.

There is another (more complicated) way to do this as well, using Access Control Lists (ACLs). [http://72.14.203.104/search?q=cache:wFfovWzRbZcJ:www.linux-mag.com/2003-09/acls_01.html+shared+directory+permissions+groups+ext3&hl=en&gl=us&ct=clnk&cd=2&lr=lang_en&client=firefox-a Check here] [http://www.udel.edu/topics/os/unix/general/groupsharing.html and here] for more information.

In a nutshell:

apt-get install acl

sarge kernels: filesystems supported -> ext2,ext3,jfs,xfs

etch kernels support: ext2,ext3,reiserfs,jfs,xfs,nfs (with module nfs_acl)

change /etc/fstab options for drive you want to use acls on
ie
/dev/hda5       /pub       ext3    defaults,acl    0       0

cd /pub
mkdir family

setfacl -m d:u::rwx,d:g:family:rw,d:m:rw,d:o:--- family
        this will set the umask of the family directory such that all files created will be -rw-rw----+ and all directories created will be drwxrwS---+. This might not be entirely correct. At the very least, NFS has to be configured for ACLs, or an NFS server on Sarge and NFS Client in Etch can't handle ACLs.

"getfacl family" will show you the permissions.


Information about [http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-users-groups-private-groups.html user private groups]. A pretty good permissions primer can be found at: "http://linsec.ca/filesystems.php"

CUPS Printing System

(default package selection) Install and configure the CUPS printing system packages as described on ["DebianCUPS"].

Start /usr/lib/openoffice/spadmin as root "add printer" and import your printers setup from /etc/foomatic/cups.

Default package selection

(synaptic only recommending)) "apt-get install libgnome2-perl" if you want the Gnome debconf frontend to actually work when you install packages. You may need to configure debconf to use "GNOME" frontend with "dpkg-reconfigure debconf" (Doesn't Synaptic let debconf start in appropriate mode within GNOME?).

(default package selection) Start up Synaptic and find, select and install the following packages:

Are the following actually needed? For what benefit? They are non-free anyway:


Now some configuring:

To actually make use of the private user groups in debian you have to set the default to "umask 002" in /etc/login.defs, /etc/profile and other shell config files, or better: install libpam-umask and you can centrally set a real system wide default umask with a line like this in /etc/pam.d/common-session:

session    optional     pam_umask.so umask=002

(In this case don't forget to remove any umask lines from /etc/login.defs, /etc/profile etc.)

There is currently a bug (Bug #336214) in gdm which will prevent the umask settings above from working if you are using gdm (the Debian default) as your login manager. To work around this bug, edit /etc/gdm/Xsession and add the line

umask 002

just after the line containing "Beginning session setup..."

The central settings for KDE in /etc/kde3 could also need some tweaking:

  ["General"]
  PrintSystem=cups

   ["Paths"]
   Desktop=$HOME
   Trash=$HOME/Trash/

...have fun! And if you encounter bugs search the net, if the bug is not already filed, find the appropriate package and the file a bug against it, if it concerns Debian simply use the "reportbug" utility for that.

Troubleshooting

For manual setup of the graphic you can use dpkg-reconfigure xserver-xfree86.

An alternative automatic configuration of the x-server is to install xdebconfigurator, run it, and then dexconf to generate a valid ["XF86config"].

Things that have already been integrated