Linux desktops Fedora 12 customization

Author: L.S.Lowe. File: f12custom. This update: 20121001. Part of Guide to the Local System.

This file is intended to be a list of customizations I've applied to a Fedora 12 system (f12). For earlier and later systems, see Contents.

These are applied to our systems after doing a kickstart install, and as needed after that. Packages are installed using the usual yum. Individual files may be distributed using rdist or rsync. Some files are system configurations which are installed in place: there may be an associated rdist action to restart a corresponding system service. Other files are simply action scripts in the sense that rdist runs them after transferring or updating them: these are mostly installed in /root/conf.

Adobe Reader and Flash

The AdobeReader_enu package for Adobe Reader (acroread), and other language variations, and the flash-plugin package for Adobe Flash 10, can be downloaded from the Adobe site. To use Adobe as a YUM repository, first download and install the adobe-release-i386 package: go to and choose YUM for Linux.

If you get warnings on starting acroread (32-bit) from a command line, of the form Gtk-WARNING **: Unable to locate theme engine in module_path, then you need to install the gtk2-engines.i686 package.

In order for Adobe Flash (32-bit) to work, you need to ensure you have got installed the Fedora nspluginwrapper.i686 package. You can install this after flash-plugin, or before, it doesn't seem to matter.

As of early July 2010, the Adobe YUM repository knew about the updated Flash, version, but didn't seem to know about the security issue with Adobe Reader versions 9.3.2 and earlier, which resulted in the release of AdobeReader_enu-9.3.3. So as of that date, this had to be downloaded via non-repository means. As of late August 2010, the Adobe YUM repository knows about Adobe Reader version 9.3.4, and as of early October 2010, it knows about version 9.4.

AFS openafs support

The openafs package and recent openafs kernel modules can be obtained from for Fedora 12. To use atrpms as a YUM repository, first download and install the atrpms-repo package: go to and choose the rpm according to your architecture.

There is a conflict with IMA for openafs-client-1.4.12 and others at kernel level and and others, with the kernel's IMA support (Integrity Measurement Architecture). The log fills with messages like "kernel: ima_file_free: open/free imbalance".

It seems that this may be fixable in the future by a kernel parameter to turn off IMA, or a change in the way openAFS does disk caches, but a circumvention for the moment is to add option -memcache in AFSD_ARGS in file /etc/sysconfig/openafs, to cause use of an in-memory AFS cache.


We have a few local applications and actions, like calling remote servers via ssh and invoking locally-installed programs, and these have icons associated with them. The recommended way of installing icons is to use the xdg-icon-resource command, for example:
  export XDG_UTILS_DEBUG_LEVEL=4 # to give extra information
  xdg-icon-resource install --size 32 /root/png/BHAM-desy.png BHAM-desy
This follows the naming convention that a vendor- prefix should be used for the installed icon; in this example the final argument is superfluous since it matches the icon filename.

Poorly rendered fonts in Firefox 3.x Print and Print Preview: fixed

Some users of firefox 3.5 and 3.6 (including myself!) had a problem whereby a simple html web page without any font settings or CSS would look OK on the screen, but look bad when printed and in Print Preview. The characters were badly kerned and rendered. This didn't happen for new users, on identical machines, though, and nor had it happened on earlier systems with Firefox 2.x. Here is a before and after example:

bad kerning

better kerning

The solution was for the user to remove old historic font definition files using a simple cleanfonts script (below) and then start a new session; of the following, $HOME/.fonts.conf may be the main culprit:

         cd; rm -R .fonts .fonts.cache-* .fonts.conf .fontconfig

Firefox playing video MPEGs

I found that when playing a video/mpeg file, in my default KDE environment, firefox would default to using KDE's Dragon player; however this does not stream, causing a delay before the video plays. On changing the firefox Preferences / Applications setting for MPEG video to Use VLC Multimedia Plugin, this would appear to start to work, but then would give a black screen. It was necessary to install the gecko-mediaplayer package (from ATrpms) and then the video starts to play as required.

(Installation of gecko-mediaplayer using yum also installs gnome-mplayer. The totem-mozplugin package is not required).

ICAClient version 11: Citrix Windows Terminal Server client

We have a Citrix windows terminal server, with Citrix Presentation Server software, which requires a ICAClient package to be installed on our linux systems to access it. In previous Linux systems we have used ICAClient version 9, but this is now rather out of date (2005) and the current version is 11.

I first downloaded the ICAClient-11.100-1.i386.rpm package, free from the web-site Downloads area.

In order to install this 32-bit package on my 64-bit systems, the following 32-bit libraries were at first missing: This required yum install libXaw.i686 (which also installs libXmu and libXpm as dependencies), and yum install libXp.i686, but this left still required. The Fedora 12 lesstif package provides but not a later version. The openmotif package provides it, indeed the Citrix web-site says that OpenMotif v2.3.1 is required for their client, but it is not available under Fedora 12 for licensing reasons. It is however available from Scientific Linux 5 and CentOS 5 sites, and the versions there are compatible with Fedora 12 in this case. So with that installed, the ICAClient-11.100-1.i386.rpm package installs cleanly.

There is then an error when you run /usr/lib/ICAClient/wfica or /usr/lib/ICAClient/, as follows:

Warning: Missing charsets in String to FontSet conversion
Warning: Unable to load any usable fontset
Error: Aborting: no fontset found
Advice on the web is to set LANG=C in place of (say) en_US.UTF-8, and that can be done by inserting export LANG=C in shell script /usr/lib/ICAClient/, or in my case in our local script /usr/local/bin/wts. Using unset LANG in those places is equally effective.

On moving from ICAClient version 9 to version 11, I found all the users' drive mappings didn't work. On making a trivial (non-)change in their settings in wfcmgr, and clicking Apply to cause them to be re-saved, they all worked again, so I guess there has been an incompatible parameter change in the ini files for the ICA client between version 9 and 11.

I then found a 15 second delay in connecting to the terminal server, during which time the Citrix splash screen is displayed. During this time, the client is sending out UDP broadcasts to the icabrowser port (port 1604), and just the terminal server machine responds, and 3 probes are going out at 5 second intervals, whereas previously (older system, older ICAClient) it was at 1 second intervals, and so wasn't seen as a problem. This was resolved by setting the client wfcmgr setting Properties -> Network -> Server Location to the DNS name of my terminal server, as well as that being the Destination name. The same exchanges then take place but without using broadcasts and without the delays.

A bug/feature of the new setup with ICAClient-11 is that when viewing a drive-mapped directory on the Windows system, using say Windows Explorer as usual, ordinary directories and files work fine, but attempts to access files which are symbolic links to other linux files or directories fails. These symbolic (or soft) links were created on the Linux system using the usual Linux command ln -s. Clicking on such files gives the error Filename is not accessible. The parameter is incorrect. On the other hand, shortcuts created by Windows on the drive-mapped directories continue to work on Windows, and create .lnk files, but of course they are not recognised as links by Linux. This is a ICAClient problem not present in ICAClient version 9, as I have not changed the software on the Windows system, which remains Metaframe Presentation Server.

The circumvention for that security feature is to be found on this forum page. That worked for me: in fact I only needed to tweak wfclient.ini, as the other file was already configured as required.

ICAClient version 10 tests

I repeated the above steps but using ICAClient version 10.6. This required, which I found came with an earlier openmotif package, openmotif-2.2.3, which is available from Scientific Linux 4 and CentOS 4 sites. This installs if you specify the rpm --nodeps option, into directory /usr/X11R6/lib, and since this is no longer a usual directory in Fedora 12 (or SL5 for that matter) it is necessary to set export LD_LIBRARY_PATH=/usr/X11R6/lib in the invoking script (eg for it to start up successfully. This mostly works; it has the same symbolic link security feature as ICAClient version 11 (above).

ICAClient version 9 tests - success!

I repeated the steps again but using ICAClient version 9.0.1 (the original version, on my older PCs/servers). This required, so all of those were available in Fedora 12 except, as before, and therefore this also required openmotif-2.2.3, which is available from Scientific Linux 4 and CentOS 4 sites, as for ICAClient version 10 (above). As above, this installs if you specify the rpm --nodeps option, into directory /usr/X11R6/lib, and since this is no longer a usual directory in Fedora 12 (or SL5 for that matter) it is necessary to set export LD_LIBRARY_PATH=/usr/X11R6/lib in the invoking script (eg for it to start up successfully. This works well for my Fedora 12 PCs, just as on my older PCs, including the ability to follow Linux symbolic links within drive-mapped directories on the Windows system, so I shall stick to this version unless/until a work-around becomes apparent for the later ICAClient versions.

KDE Global shortcuts

The default KDE global shortcut for Logout is Ctrl+Alt+Del, which clashes with what the user expects when running a Windows Terminal Server window within the KDE session. To change this, go to KDE System Settings, General, Computer Administration, Keyboard & Mouse, Global Keyboard Shortcuts, KDE component Run Command Interface, and change the definition.

It does not seem to be possible to change this for all users, yet (KDE 4.4.0). The file to change ought to be /usr/share/kde-settings/kde-profile/default/share/config/kglobalshortcutsrc but, as noted by this Red Hat bug report, and a comment in the file itself, this file is apparently ignored.

KDE use of ~/Documents directory

This seems to be flawed as of KDE 4.3 and 4.4. See bug reports on of Bug 183534, Bug 201072, Bug 203495, and Bug 230310 (mine!): Many KDE processes have initial working directory ~/Documents not $HOME.

Also see so-called Bug 108510, the patch for which may well be the source of all the trouble, as it turns out.

Use with EVO video-conferencing application

The video window VieEVO component of EVO version 1.5.x and 2.0.0 does not work under Fedora 12 with an NVidia graphics card and the default nouveau graphics driver. EVO version 1.5.x has the message "No OpenGL detected" in the AV controls Video window. EVO version 2 doesn't work either: the Tools -> Video -> Advanced window information states OpenGL Vendor: Mesa Project, Version: 1.4 (2.1 Mesa 7.7.1-DEVEL, Renderer: Software Rasterizer, but no video window appears, even if Disable OpenGL is set in that window. The nouveau driver doesn't have working OpenGL support, as yet, by the looks of it (as of package xorg-x11-drv-nouveau-0.0.15-21.20091105gite1c2efd.fc12.x86_64).

To suppress the loading of the nouveau driver during boot-up, which is a prerequisite for a different graphics driver to access the graphics device, it was necessary to remove rhgb quiet and add nouveau.modeset=0 to the kernel line in the /boot/grub/grub.conf file.

With the nvidia driver downloaded from the web-site and installed, the problem didn't occur with EVO version 2, but EVO version 1.5.x continued to complain about no OpenGL, oddly. However since EVO version 2 is out of beta soon, this is not a problem.

On a PC with a different install history, EVO's ViEVO window wouldn't appear, even though the Tools -> Video -> Advanced window said that OpenGL was present. But the /tmp/Koala.log file had the line

ViEVO ERR ./vievo: error while loading shared libraries: cannot open shared object file: No such file or directory
which gave the hint to install the SDL.i686 version as well as the x86_64 version. (This may be required because of my use of a 32-bit version of Sun Java).

Note that the OpenGL functionality of the nvidia driver can stop working if the xorg-x11-server-Xorg package is updated at some point by (say) yum, when the X server is next started: after a reboot, for example. This is because that package supplies file /usr/lib64/xorg/modules/extensions/, which in a nvidia driver setup is replaced by a soft-link to a nvidia version-numbered file. On my systems, I detect such an update at boot time and force a re-install of the nvidia software. However, it is probably sufficient simply to re-instate that soft-link from a copy, either every boot or after a yum update. There may be other files provided by the nvidia driver software that a yum update will replace, but I haven't found any others in the current software. Of course, if a new kernel is installed, a new kernel module will need to be built; that too can be detected and performed at boot time.

The audio of EVO (either version) works with my PCs' built-in Intel analogue audio input/output, It also works with a Logitech USB adapter, though it's necessary to use kmix (or alsamixer) to raise the volume of that device from an initial zero. With EVO version 1.5, the received sound on built-in soon deteriorated to Dalek quality on one test; this needs looking at again.

Google Earth

Google Earth (5.1.x) works nicely with either video driver, nouveau or nvidia, though of course it's a lot faster and more efficient in cpu terms with the nvidia driver with its OpenGL support. A slow continuous rotation takes 40-50% of one core with the nvidia driver, not a problem on my quad-core PC, and is very smooth.


The Postscript-to-PDF utilities (like ps2pdf) all use this ps2pdfwr script. The default in Ghostscript is US-letter size paper. By default, even with an A4 Postscript file, a PDF file created by those utilities crops the top of each A4 page. This can be corrected by the user by specifying the papersize in the environmental variable GS_OPTIONS.

But locally I have added export GS_OPTIONS=${GS_OPTIONS:--sPAPERSIZE=a4} near the top of this script, to save the ordinary user some hassle. This way it's easy enough for the expert user to override, on the odd occasions that A4 is not required.


Customized log rotation to keep logs by month and for much longer.



Add customised files for the the kpartsaver.kss and kslideshow.kss screensavers to show some pictures, rather than "The screen saver is not configured yet", particularly when the screensaver is being chosen randomly.

The config file can be set up in user mode by invoking the screensaver with the --setup option, and then moving that file from the user $KDEHOME/share/config/ directory to /usr/share/config so that it applies to all users.


Customized so as not to exportKDEColors by default. The original default gives rise to around 400 X11 properties being set up, which appear in a xrdb -query, for applications like nedit and xwp/wordperfect which the user might never use. The user can set the original default back if s/he wishes using KDE System Settings -> Appearance & Colors/Colours -> Options -> Apply colors to non-KDE applications.

The resource files are in directory /usr/share/kde4/apps/kdisplay/app-defaults/. So an alternative presumably is to comment-out property definitions in those files, or remove unwanted files.


This file maps between mime-types as used by email attachments and browser helpers to the application which should be invoked for such files. /etc/mailcap is used by the pine mail client by default, by mozilla and SeaMonkey, and by Firefox from 2.0 onwards (though not for example by Firefox 1.5).

In this release, all of the 6 mailcap entries present for various mime-types use /usr/bin/xdg-open to invoke the corresponding application. In principle this is a good idea, but which doesn't always work out, when the file being acted upon is a temporary file.

With KDE installed, the application so-invoked for image/* is gwenview, and, because that monitors the file during display to test for changes, it does not cope well when the underlying application then deletes the temporary file! This happens because /usr/bin/xdg-open invokes kde-open, and this command launches a further application like gwenview and then exits immediately, instead of waiting for gwenview to finish. So for image/* I changed the invoked application from /usr/bin/xdg-open to gwenview, and that works without problems.

For OpenOffice equivalents for MS word, MS excel and MS powerpoint, I've added an explicit call to ooffice.

Previously customised for PDF files to call /usr/local/bin/pdfviewer, which allowed a user environment variable to choose between preferred applications, but for the moment I'm leaving this at the mailcap default of calling /usr/bin/xdg-open for this mime-type.

This also is a good place to define the version of javaws to use for application/x-java-jnlp-file, though the most common use of this for my users was for the EVO video-conferencing application, which I now encourage people to start using an EVO desktop panel icon, instead.

For mozilla-type browsers, the variable which defines this file's location can be found in an about:config listing: helpers.global_mailcap_file. There is also the user's personal version at helpers.private_mailcap_file (and you may also find helpers.global_mime_types_file and helpers.private_mime_types_file).

This is a good point to mention that if migrating from previous versions of Linux, personal mailcap files $HOME/.mailcap may contain entries which are no longer valid, and therefore will get in the way of invoking the right application. I have a script cleanmailcap which removes all invalid entries; in practice this generally removes all entries, so it would have been sufficient simply to remove the $HOME/.mailcap file.


This is managed by /sbin/dhclient-script, but options can be configured using /etc/sysconfig/network (so see that) or on an interface-by-interface basis in /etc/sysconfig/network-scripts/ifcfg-ethN.


I've added extra values to this file, like:
 RES_OPTIONS="timeout:3 rotate"
These values are made use of by the /sbin/dhclient-script when the network is started, and used to set corresponding values in /etc/resolv.conf. The SEARCH value goes into a search directive and determines which domains are searched when a name with fewer than n dots (default 1) is looked-up. The RES_OPTIONS value goes into a options directive, and in this case specify the DNS lookup timeout and to rotate queries amongst the DNS servers. For more information on these, see man resolv.conf.

Other techniques for specifying the search order, such as specifying dhcp option 119 in /etc/dhcpd.conf on the dhcpd server, did not work for me, but the above technique works just fine.

CUPS tweaked to avoid printers becoming Not Ready

A problem with the CUPS printing system version 1.4.2 that we didn't used to have on version 1.1.17 is that our printers or the print job seem more prone to get occasional network errors (they all are driven on jetdirect port 9100) and this then causes them to be put in not ready state, as seen by an lpq -P name. (But maybe this always happened and the software didn't notice or had a different response). As it's usually an hour or two before someone complains, an automatic solution to this one is a good idea!

So the symptoms are: a printer is not printing even though there's a queue, lpq reports not ready for that printer, /etc/cups/printers.conf contains separate lines containing State Stopped, StateMessage Printer not responding, Reason paused, and /var/log/cups/error_log contains lines like Unable to write print data: Broken pipe, Backend returned status 1 (failed), Printer stopped due to backend errors; please consult the error_log file for details. .

After several abortive attempts to find anything useful on the web about this, I found this handy article, so at least I knew I wasn't alone! I had already made a fix-up command using the same approach to change the state in the printers.conf file, and there was the alternative of using the cupsenable command instead (not tested), but I was looking for something that didn't involve intervention every time a problem came up. So I used the same method as in the very last paragraph of that page: in /etc/cups/printers.conf, change the ErrorPolicy from stop-printer to abort-job. This CUPS documentation page gives useful information on the options. I might try the retry-job option sometime; the number of retries (default 5) is apparently controlled by the JobRetryLimit in the cupsd.conf file, where also is the JobRetryInterval (default 30 seconds).

In fact this is something that could be configured when a printer is added to the system, such as by using the system-config-printer utility: under Properties / Policies, it's possible to configure the printer error policy. You can configure this later, using the same utility, or by using the cups GUI, but I have known this to change (screw up?) carefully set-up changes elsewhere, so the safest approach when doing it later is to modify the /etc/cups/printers.conf by hand as above, stopping the cups service first of course.

Problem with "unable to open display" when login greeter is kdm

A difference from RHEL4/SL4 is that it appears that the kdm greet daemon sets a XAUTHORITY file variable of the form /var/run/kdm/.Xauthstring, instead of making use of the X-window default: $HOME/.Xauthority. This is then inherited by the kwin window manager (and presumably other window managers, if chosen at logon). So the response you get from a xauth list command at the same time on different PCs can be different, even if they share the home file-system. This caught me out when I was putting a window from one computer running Fedora 12 onto another one (which as it happens was running SL4, though it could equally have been Fedora 12). Here are some responses for a xset q command:
$ DISPLAY=otherpc:0 xset q
No protocol specified
xset:  unable to open display "otherpc:0"
$ DISPLAY=otherpc:0 xset q
Keyboard Control:
  auto repeat:  on    key click percent:  0    LED mask:  00000000
  .. etc ..

I have no particular solution to tackle this generally, although one could presumably unset XAUTHORITY at an early stage. I'll compare it with what you get when gdm is the login greeter (aka DISPLAYMANAGER in /etc/sysconfig/desktop).

Turning off IPv6

IPv6 is the future, but for me it isn't the present, and it's an extra thing to think about, if it is available on a system.

To turn off IPv6 DNS lookups when firefox is being used, which cause unnecessary lookup delays, you can view page about:config and set network.dns.disableIPv6 to true, or add the equivalent in the prefs.js file:

         user_pref("network.dns.disableIPv6", true);

To turn off IPv6 DNS lookups when an ssh client command is used, my local wrapper script uses ssh with the -4 option. An alternative seems to be to put AddressFamily inet in file /etc/ssh/ssh_config, possibly within the scope of a Host declaration.

To turn off IPv6 for the sshd daemon specifically, you can substitute ListenAddress in /etc/ssh/sshd_config file.

You can tell if IPv6 support is generally enabled if the following give some output:

         lsmod | grep ipv6
	 ip a | grep inet6
	 netstat -nutlp | grep ::
The lsmod has a non-zero use count in the default case (but see below). The netstat assumes you've got some services running which might allow IPv6 clients, like rpcbind, or an unconfigured sshd.

Trying various recipes on the web in turn, separately (not together!), to see if they apply to Fedora 12:

Getting A4 paper with xv application

Some of our users use the John Bradley xv application, which is available for Fedora from One thing that users often don't know how to configure is how to set the default paper size to A4, instead of US Letter size ....

We have a wrapper script /usr/local/bin/xv that simply does the following:

         echo 'xv.pspaper: a4' | xrdb -merge
         /usr/bin/xv "$@"

Installation hung problems

Rarely, installation of Fedora can hang at an early phase, after it has retrieved the repository information and checked dependencies, with the Starting installation process progress-bar stuck. If this happens, the problem can persist over repeated attempts for several days! It's as though there is insufficient randomness in the way that a suitable Fedora mirror is chosen, and no fail-over mechanism if the process stalls. I didn't know a way of finding out from the various anaconda installation screens what particular network connection is failing to respond, and there's no netstat or ss or tcpdump command available during anaconda installation, so I did it the hard way by inserting an ethernet bridge between the PC and the wall socket and monitoring traffic from a spare PC also plugged into that bridge, using tcpdump. I found (on this occasion) that there was a connection to that was just occasionally handshaking, not transferring data. So after several failed attempts to do the install, my trick was, at an early stage of the installation, before repositories are chosen, to do a Ctrl-Alt-F2 to get a shell prompt, and type in: route add -net netmask reject. This then got past the stage of installation where it was hanging, presumably because it chose a different mirror, and it then proceeded to completion without problems. (If you get the same problem, don't expect the IP address to be the same!).

Commands autostarted at login

A number of commands of this sort are described by files in /etc/xdg/autostart/ directory. Some of the desktop files there are marked with OnlyShowIn or NotShowIn tags, so that they only start in KDE or GNOME or XFCE, etc, and some aren't, so they start in any environment that uses the xdg autostart mechanism. If you get processes starting at login time which you don't think your session needs, then here is the reason they may be started. Most KDE processes are controlled in a different way, within KDE's System Settings, where they can easily be turned on and off.

Here's a list of such autostart files which (possibly for valid reasons) don't have specific *ShowIn tags on my system: abrt-applet.desktop gnome-keyring-daemon.desktop krb5-auth-dialog.desktop nm-applet.desktop polkit-gnome-authentication-agent-1.desktop pulseaudio.desktop restorecond.desktop sealertauto.desktop xfconf-migration-4.6.desktop.

KDE Dolphin application calls SVN repository

There's a surprising feature of Dolphin that's covered by this discussion here.

KDE Print Screen stops working

Sometimes the KDE Print-Screen key (PrtScn on some keyboards) stops working, until you next login. It should normally invoke the ksnapshot utility. The way around this is to go to Start / System Settings / Input Actions / expand Preset Actions (click on +), and untick and then tick PrintScreen. You could check that the corresponding Action is indeed ksnapshot. Then click on Apply.

The print-screen function key setting will also be found under Keyboard & Mouse / Global Keyboard Shortcuts / component khotkeys.


This document is being updated for Fedora 14.

Birmingham Particle Physics Group