Linux desktops RedHat 9 customization
Author: L.S.Lowe. File: linux9custom. This update: 20050301.
Part of Guide to the Local System.
Also see my Red Hat Enterprise Linux 3
and Red Hat Enterprise Linux 4
customizations pages.
These are the customisations that we apply to our RedHat Linux 9 systems
after doing a RedHat kickstart install, and as needed after that.
The files are distributed using rdist.
Some files are system configurations which are installed in place:
there may be an associated rdist action to restart a corresponding system service.
Other files are simply action scripts in the sense that rdist runs them
after transferring or updating them: these are mostly installed in /root/distrib.
/root/distrib/update
Updates the target RedHat system to the latest application RPMs.
Upgrading to the latest RPMs also takes place as a %post-install operation
when a desktop PC is initially loaded.
/root/distrib/upkern
Updates the target RedHat system to the latest kernel RPMs.
See above.
/etc/hosts
Customised to include local machines to reduce impact of DNS failure.
/etc/hosts.deny
Customised to ALL: ALL.
/etc/cron.allow
Customised to restrict who can use the crontab command (empty file means nobody).
/bin/ll
Provided as an effective alias for ls -l under any shell.
/root/distrib/pineconfrc
Configures /etc/pine.conf for local conventions.
By providing this as a script, we avoid having to re-write every time
pine is upgraded.
/root/distrib/afsrpmrc
Loads the openafs RPM if necessary.
/root/distrib/afsconfrc
Configures AFS cell and cache.
/root/distrib/anacronrc
Removes /usr/local directories from search PATH in /etc/anacrontab.
/root/distrib/cronrc
Deactivates cron actions in /etc/cron.d/ and /var/spool/cron/ for packages we don't use yet.
/root/distrib/chkconfigrc
Configures local services on or off using /sbin/chkconfig.
/root/distrib/hostnamerc
Configures hostname in /etc/sysconfig/network to have a consistent case and format across machines.
/root/distrib/fontsrc
Changes the order of preference in /etc/X11/fs/config to choose 100dpi fonts before 75dpi ones.
/etc/sysconfig/desktop
Set the default displaymanager to KDE.
/root/distrib/iptablesrc
Chooses correct iptables setup for the target host.
/etc/sysconfig/iptablesdt
The normal configuration for /etc/sysconfig/iptables on our desktops.
/root/distrib/passgr
Merges local groups into /etc/group.
/root/distrib/passpw
Merges local users into /etc/passwd.
/etc/sysconfig/static-routes
Static routes for our desktops (if any).
/root/distrib/fstabrc
Merges local /etc/fstab.{nfs,usb}* files into /etc/fstab.
/etc/fstab.nfs*
NFS entries to be merged into /etc/fstab
/etc/fstab.usb*
USB entries to be merged into /etc/fstab, like /mnt/usbdisk.
/etc/cron.daily/bham*
Local daily tasks.
/etc/log.d/conf/logwatch.conf
Customised so I'm not inundated by emails from logwatch on every desktop PC each morning:
just the important bits.
/etc/log.d/conf/services/sendmail.conf
See above.
A particular irritation is when logwatch sends information about the sendmail log
entries corresponding to the email it sent me about the sendmail log entries yesterday!
Removing this file or modifying what it looks for will fix this problem.
/etc/rc.d/rc.local
Local startup tasks.
/etc/skel
Customized initial home directory files for new users.
/etc/logrotate.conf
Customized log rotation to keep logs by month and for longer.
/etc/mailcap
Customised /etc/mailcap calls /usr/local/bin/pdfviewer rather than /usr/bin/xpdf for PDF files,
allowing a user environment variable to choose between xpdf and acroread.
Also customised for OpenOffice equivalents to ms-word,
ms-excel and ms-powerpoint.
/etc/mailcap is used by the pine mail client by default,
also by mozilla if plugger doesn't get in the way first.
/etc/profile
A worthy addition to /etc/profile or /etc/profile.d/something is
a check to see if the $HOME file system is full. A full $HOME can lead
to several insidious errors without necessarily showing any relevant error message.
For example, when logging on to a server with a full $HOME file system,
ssh X11 forwarding can't be properly set up because $HOME/.Xauthority cannot be updated,
and when you later start an X application, you get the message:
X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).
/root/distrib/plugfixrc
Effectively disables the plugger application -
could have removed the RPM.
Mozilla and galeon helpers work much more snappily and reliably without it!
/etc/syslog.conf
Customized system logging.
/etc/X11/xdm/kdmrc
Change the font size and heading text on the kdm login panel.
/root/distrib/kdmlistenrc
For hosts that I want to provide a local X-terminal XDMCP listener service,
this configures file /etc/X11/xdm/kdmrc to set Enable=true.
/etc/X11/xdm/Xaccess
Configured to limit access to XDMCP service to local X-terminals
(access also limited by iptables).
/usr/bin/ps2epsi
This fix is required as the supplied version provokes a sed problem, see
this report, of unescaped tildes in sed commands.
Needs ~ to become \~ in two instances.
/usr/lib/mozilla/plugins/libflashplayer.so
Symbolic link to the macromedia flash plug-in, triggers installation
of the flash package for mozilla (download links
here).
/usr/lib/mozilla-1.4.2/defaults/pref/unix.js
Customised mozilla to add pref calls for local printers and a print.printer_list.
Also similar for firefox browser.
/usr/share/applicatbham
Directory containing our local applications directories,
which are linked in to /var/lib/menu/kde/Applications.
/usr/share/icons/BHAM*
Extra local icons.
/usr/share/config/kcmartsrc
Added to configure the artsd sound server:
for example to turn off artsd completely by preventing it starting at KDE logon,
or to have a shorter suspend idle time.
The options can also be configured on a user-by-user basis by using
KDE Control Center -> Sound & Multimedia -> Sound System -> ARTs,
and the kcmartsrc file so created in $HOME/.kde/share/config could be used
as the model for the system-wide file.
/usr/share/config/kcmdisplayrc
Customized to use energy saving DPMS modes on monitors by default.
Customized so as not to exportKDEColors by default.
The original default gives rise to X11 resources being set up, which appear in a xrdb -query,
for applications like nedit and xwp/wordperfect which the user might never use, and sneakily also sets kprinter
as the default printer setting for acroread and gv.
The user can set the original default back if s/he wishes using KDE Control Centre -> Appearance & Themes -> Colors/Colours -> Apply colors to non-KDE applications.
The resource files are in /usr/share/apps/kdisplay/app-defaults.
/usr/share/config/kdeglobals
Customized so that by default a single-click is required to start an application from an icon
rather than a double-click. I'm not in favour of this retro double-click!
Also change default Widget style.
Change the shortcut key combination for ending a KDE session
from Alt-Ctrl-Delete to Alt-Ctrl-End:
Ctl-Alt-Del is used by MS Windows client viewers to terminal servers, and users don't
want to have to learn new shortcuts just for when they're viewing from Linux.
The file manager konqueror generates previews of files by default,
even when the file might need processing through ghostscript for example,
which is all very nice if it works.
But it's buggy, and kdeinit kio_thumbnail processes using 100% cpu
for hours are not uncommon.
Also, some users might like to retain a meaningful last access time for files.
So turn konqueror previews off by default (is there a better way?):
[PreviewSettings]
MaximumSize=0
file=false
The last line is superfluous provided the MaximumSize isn't overridden.
The user can always turn previews back on using
Settings -> Configure Konqueror -> Previews in the konqueror file manager.
/usr/share/config/kdeprintrc
Change default Printsystem to CUPS: it's what we use,
and it gets rid of those annoying messages
"ypcat: can't get local yp domain: Local domain name not set".
/usr/share/config/kickerrc
Customize our local kicker Panel:
demote those OpenOffice applications back to the start menu where they belong.
/usr/share/config/konsolerc
Remove the Menubar and Toolbar by default from konsole (too confusing for users),
allow Xon/Xoff to work by setting XonXoff=true,
set the default height of the konsole window just a few pixels taller so that we
don't lose the descenders of characters on the bottom line - looks like a
miscalculation by konsole.
/usr/share/config/kpartsaverrc
/usr/share/config/kslideshow.kssrc
Add customised files for these screensavers to show some pictures
rather than "The screen saver is not configured yet" or "No images found",
particularly when the screensaver was chosen randomly.
/usr/share/config/kwinrc
Change the default PluginLib to kwin_keramik,
and window MoveMode and ResizeMode to Transparent rather than Opaque, by default.
/usr/bin/startkde
Customised to add xmessage commands for errors like
Not enough free disk space on /tmp,
rather than just dropping the user back to the login screen without visible comment.
Also avoid using /usr/bin/desktopconv for pre KDE3 conversion - it hangs for some users.
Instead, invokes our local init.kde3, which saves the .kde directory and starts afresh.
Also if /var/lib/menu/kde already exists, don't invoke /usr/bin/desktop-create-kmenu.
At system start-up, and elsewhere (not here as we are in user mode),
we soft-link our two local applications directories into
/var/lib/menu/kde/applications at the top level.
There may be a better way of doing this but I don't know what it is!
/root/distrib/screensaversrc
This renames files in
/usr/share/apps/kscreensaver/ScreenSavers/
like KSolarWinds.desktop and KFountain.desktop
to a non-desktop suffix, so that they aren't chosen by the random
screensaver choice, and don't appear in the screensaver chooser panel.
Some screensavers like SolarWinds are just too busy!
/root/distrib/xfreerc
This chooses between several /etc/X11/XF86Config.versions according to the target,
to set up the X server, and sets the default runlevel in /etc/inittab to 5.
It may be necessary to configure /etc/X11/XF86Config a bit by hand if
the particular keyboard is not our standard layout or language:
our default is Option "XkbLayout" "gb",
and also /etc/sysconfig/keyboard contains KEYTABLE="uk"
for text-mode sessions.
/var/mail
/etc/rc.d/init.d/sendmail
A customized version of the sendmail init script,
which doesn't start or kill the sendmail port 25 listener if DAEMON=no.
/etc/sysconfig/sendmail
Configuration file which sets DAEMON=no and SMQUEUE to 5 minutes
(this is the queue retry time for the submit sendmail daemon).
/etc/mail/submit.mc
A customized version of the sendmail local submit configuration.
By default in RedHat 9,
a mail client (such as pine) invokes /usr/sbin/sendmail which
runs under user:group smmsp:smmsp (using configuration submit.mc)
to send email to localhost port 25.
A sendmail daemon (running under smmsp:smmsp and using configuration submit.mc)
runs to retry any mail that failed to get through to this local port,
sitting in the /var/spool/clientmqueue directory.
Another sendmail daemon (which uses configuration sendmail.mc)
is configured to listen on localhost port 25
and do the real work of mail relaying:
forwarding email to the local mail hub or to the big wide world,
first enqueuing it in /var/spool/mqueue.
Only if this host is a mailhub would it be configured to listen on
0.0.0.0:25 to receive email from the big wide world.
For our desktop clients, having a sendmail daemon listening to
localhost port 25 and running in root mode is not necessary.
So the submit.mc configuration file is set up so that the
email is forwarded to the local mailhub in one hop.
This has the side advantage that mailq -Ac will actually
show if mail is for some reason still on the local desktop - not possible if
the mail has disappeared and gone into the port 25 listener.
We just then have the one sendmail daemon (non-root, using the configuration submit.mc)
to retry emails which failed first time to the local mailhub.
/etc/cups/ppd/*
/etc/cups/lpoptions
/etc/cups/printers.conf
/etc/cups/cupsd.conf
Various CUPS printer system files distributed for our desktop systems.
/usr/local
Distributed files for our local desktops.
/usr/local/bin/acroread
This wrapper script is present to fix several problems with Adobe acroread.
First it unsets the LANG variable to allow acrobat 5 to work,
avoiding Warning: charset UTF-8 not supported message and abort.
Also, mozilla invokes acroread (or our pdfviewer script)
without a current directory, which causes the binary to fail,
so the acroread wrapper script does a cd "$PWD" which fixes the problem if invoked by mozilla,
and is harmless otherwise.
Also we have a feature to put debugging into effect (option -DEBUG acrodebug)
if the file /tmp/acro.debug exists.
/opt/Acrobat4
/opt/Acrobat5
Acrobat 4 and 5 acroread installations. These are as downloaded from
Adobe.
Also, to avoid an error with some PDFs
(message says An error has occurred that may be fixed by installing the latest version of the Korean Language Support package)
we have installed the Adobe
Korean font package.
/opt/RealPlayer8 and /opt/RealPlayer-10
The RealPlayer8 package, plus RV9 codecs,
and the RealPlayer10 package,
downloaded via this Netscape/Mozilla plugins web page.
Note that in order to get this to work on RedHat 9, it is
necessary to export LD_ASSUME_KERNEL=2.2.5 in the local
realplay interface script,
because of a threads problem,
and to ensure the artsd daemon is disabled or suspended (artsshell suspend)
while realplayer is running.
Although artsd starts with autosuspend 60 by default,
that doesn't mean that it's in the suspend state when you want it to be!
(Arts can be configured or turned off in a kcmartsrc file or
using Control Center: see above).
Alternatively could use the artsdsp command to start realplay - haven't tried that yet myself.
/usr/lib/ICAClient
Triggers installation of the ICAClient rpm.
A customisation I have had to apply in our script which invokes the ICA client
is to disable the artsd daemon or suspend it (artsshell suspend)
while the ICA client is running (see realplayer comments above).
This appears to be necessary even if sound is disabled
in the user's ICA client configuration.
Otherwise a terminal server session can hang just after the point where
the user has logged in but before any desktop icons appear:
an strace shows that opening /dev/dsp was the last operation.
/usr/bin/opera
/usr/java
packages downloaded from Sun here.
/usr/bin/gmplayer
packages downloaded from
here
/usr/bin/X11/xv
/usr/pbs
The above files trigger installation of the corresponding package RPM(s).
L.S.Lowe
Birmingham Particle Physics Group