Debian Installation Tips

Hints for installing Debian 3.0 (Woody)

deutsche Version

download printer-friendly PDF-file

Tipps für Etch (deutsch)

Hints for Etch (english)

Tipps für Sarge (deutsch)

Hints for Sarge (english)

About this list
1. Installation kernel
2. Installation sources
3. Package selection after the installation
4. Editors
5. Package management
6. The inet daemon
7. Exim
8. Runlevels
9. Basic packages
10. Documentation
11. User groups
12. PPP configuration
13. X11
14. Configuring X
15. KDE
16. Printing
17. CUPS vs. LPD
18. KDE packages
19. Security with CUPS

20. Package lists
21. Mountpoints
22. CD writing
23. Web browsers
24. Language selection
25. Euro support
26. Euro support on consoles
27. Euro support in X
28. Driver modules
29. Bash completion
30. Bash completion and .bash_profile/.bashrc
31. Compiling programs that need kernel sources
32. Orphaned packages
33. Java
34. Brower plugins
35. Lilo and the framebuffer
36. KMail and spamfilters
37. Multimedia keyboards
38. DMA mode for harddisks and CD-ROMs
39. Firewall / Netfilter / Masquerading

About this list

This list is a collection of steps that I had to do to solve problems during the installation of Debian and to configure the system according to my needs. For some problems the solution was not obvious and I had to search for a long time until I found a way. While some parts are special for my installation, some others (e.g euro support) are more general. There is plenty of other documentation about Debian around on the web, you can find some interesting sites on my links page.

If this list contains errors or if you think that some descriptions are incomplete or not correct, just write me an email. Please note that this document is the only one on my home page available in english, and I am not going to translate any of the other pages.

1. Installation kernel

During installation, Debian selects a 2.2 kernel as default. It is however possible to use the newer kernel 2.4 for installation to get support for more recent hardware and journaling file systems like Ext3 or ReiserFS. To get a list of available options during loading of the installation program, press F1 after booting. F3 will give you a list of available boot kernels. The entry bf-2.4 will load the most recent one (2.4.18).

2. Installation sources

During the installation, you should use the opportunity to add security.debian.org and non-us.debian.org to your list of package sources apart from the main installation sources (CDs in my case). The installation program is able to add these sources on its own, so you won't have to do ist manually after the installation. You can later change your list via apt-setup.

3. Package selection after the installation

You can install further packages with dselect or tasksel after installing the base system. However, dselect is somewhat complicated, and using tasksel you end up installing a lot of packages you don't need. Because of this I skipped these steps and installed further packages via apt-get. The program aptitude gives you a good overview over available packages. Do the following to install it:

apt-get install aptitude

4. Editors

Following editors are available directly after the installation: vi (package nvi) and nano.

5. Package management

The basic programs for package management (apart from dpkg) are apt-get and apt-cache. apt-get installs or removes packages, apt-cache searches the package list.

apt-get install <Name>: installs a package
apt-get remove <Name>: removes a package
apt-get --purge remove <Name>: removes a package and its configuration files.

ATTENTION: If you remove a package with apt-get remove and remove the configurations files manually, they will not be reinstalled if you reinstall the package. So you will normally want to use --purge.

apt-cache search <Keyword>: searches the package database and reports matching packages. Searches package names and descriptions
apt-cache show <Packagename>: gives you detailed information on a package
apt-cache policy <Packagename>: shows available versions of a package

Debian packages can of course also be installed by hand. To do so, use the following command: dpkg --install packagename.deb.

ATTENTION: Sometimes, several packages with the same names can be installed, e.g. "libxaw-dev", in this case you can install "libxaw6-dev" or "libxaw7-dev".

6. The inet daemon

The ined deamon (package netkit-inetd) is part of the base system and cannot be removed easily. In the default settings some services like echo and daytime are activated. However they are not needed on a desktop computer. netstat -l gives you information on all activated services. You can disable them by editing /etc/inetd.conf and commenting out all lines for those services.

7. Exim

Debian will install exim as default mail transport agent. During installation, it can be limited to local transport (option 4). With standard settings, exim is called via inetd. This way, it is however active on all network interfaces. To change this, do the following:
update-inetd --disable smtp disables smtp in inetd.conf. From now on exim will start in standalone mode. Next you should edit the entry local_interfaces in /etc/exim/exim.conf:
local_interfaces = 127.0.0.1
By typing /etc/init.d/inetd restart and /etc/init.d/exim restart the changes will be applied. netstat -l should now report localhost:smtp in exim's line. From now on, exim will only be reachable on the local loopback interface.

ATTENTION: If exim is only needed for delivery of output from cron jobs or system messages, it can be disabled completely. It will no longer be reachable via smtp, system messages are however sent via the mail or sendmail commands, this also works if exim is not running in the background.

ATTENTION: If exim is not supposed to run in standalone mode and if it is desired to be called via inetd, you can either control access via the files /etc/hosts.deny and /etc/hosts.allow or replace the package netkit-inetd by xinetd which supports selection of interfaces.

8. Runlevels

Runlevel organisation on Debian systems is different from all other systems. The principle is quite simple: 0,1(S) and 6 are as expected, 2,3,4 and 5 are all the same and will start the system normally. Default runlevel is 2. There is no special runlevel to boot without X or without network. Debian has a program for configuring runlevels. It is called update-rc.d and is part of the base system. The program rcconf allows you to simply select or deseleect the programs you want from a list.

ATTENTION: If all links to a program in /etc/rc*.d have been removed, it can happen that they are be recreated when the package is reinstalled or upgraded.

9. Basic packages

Some basic packages which are very useful and should be installed right after configuring the base system are less, some compression programs like gzip, zip, unzip, bzip2, rar and unrar. The traceroute package is quite useful for network analysis. Apart from that, anacron should be installed on systems that are not up 24/7. It will execute cron jobs that would have been executed when the computer was turned off.

10. Documentation

The most important documentation packages are doc-linux-text and doc-linux-html. harden-doc is also interesting, it contains the Securing-Debian-Howto. You can find it in in /usr/share/doc/harden-doc/html/.

11. User groups

Debian uses a strict security concept. To allow users to do certain things, they must be members of the respecting group. The most important groups are:

audio: sound card access
dip: Usage of dial in programs like pon/poff
dialout: direct access to serial ports (needed for kppp)
cdrom: CD writer access, usage of audio CDs
games: Write access to high score lists and so on

ATTENTION: Permissions of the cdrom group only apply to CD-ROMs with SCSI emulation (and real SCSI CDROMs). All IDE devices belong to the disk group. It is a good idea to activate SCSI emulation for DVD-ROMs and CD-ROMs or to change the ownership of the device files of the CD-ROMs (not of the hard disks) from root.disk to root.cdrom. It is _not_ a good idea to include users in the disk group to solve permission problems with CD ROMs. Users in the disk group have full and direct read/write access to all IDE devices and SCSI harddisks, their boot sectors and partitions. All filesystem level user/group permissions and limitations will be useless. It is not necessary to be in any special group to mount CD-ROMs, because the mount program always runs with root permissions.

12. PPP configuration

To configure modem connections, you can use the pppconfig program. You can use your dialup connections via the pon and poff commands. To be able to use the ifup and ifdown commands as well, you have to make an entry for your connection in /etc/network/interfaces. For a normal dialup account the entry looks like this:

# PPP interface iface ppp0 inet ppp provider <Name of your connection as chosen in pppconfig>

ATTENTION: Only for T-Online users: Your user name contains a "#". If you enter your user name in pppconfig, everything following the "#" in your user name will be regarded as a comment and be skipped during connecting. To solve this problem, type "\#" instead of "#". This way the symbol will be masked and your complete user name will be sent.

13. X11

To install XFree86, simply install a meta package which depends on all other components via apt-get. Both x-window-system and x-window-system-core are available. These packages contain no programs but only dependencies. x-window-system depends on x-window-system-core and some other packages. My suggestion: choose only x-window-system-core and additionally xfs, xterm, twm and xdm. Thus you have a font server, a terminal emulator, a primitive window manager and a login manager available. This way, some not so essential packages will not be installed. To be able to use the Debian program menu from within your window manager, install the menu package.

14. X Configuration

Apart from configuring the X-server with the builtin tools xf86cfg and xf86config, you have the option to configure the X-server via debconf. During installation, debconf will ask for some information like graphic card type and screen frequencies. You can later recall this dialog with the command dpkg-reconfigure xserver-xfree86.

ATTENTION: Debconf offers to use the kernel framebuffer as default. Obviously I am not the only one who has problems with this setting. If your X-server refuses to start, maybe it is because of this setting.

ATTENTION: The name of the configuration file created by dpkg-reconfigure is XF86Config-4. Other programs create XF86Config. The Xserver (version 4) tries to load XF86Config first. Only if this file does not exist XF86Config-4 will be read. If you used some other configuration program before dpkg-reconfigure, you probably need to remove XF86Config manually.

15. KDE

Additionaly to Gnome, Woody also features KDE. For the installation you should select kde and kdm. To use modem connections, install kppp. There are plenty of other KDE packages available which will not be installed by default. If you want to use kdm as login manager, you can deinstall xdm. To do so, you should use the --purge option because otherwise the initscripts for xdm won't be removed.

16. Printing

I use CUPS for printing. It has some advantages over the old LPD, especially in configuring it. You should at least install the following packages:

cupsys
cupsys-driver-gimpprint
cupsys-client
cupsys-pstoraster

Debian does not offer a configuration utility for CUPS, you can however use CUPS' builtin web interface on http://localhost:631.

17. CUPS vs. LPD

Some programs still expect the old LPD printing system to be installed. There are two possibilities to print from these programs:

1. Installing the cupsys-bsd package: will provide some printing commands like lpr as well as the LPD network interface.
2. Using a CUPS compatible printing command: In KDE you can use the program kprinter, which also provides some features like printing to PS/PDF files or printing only of odd or even pages. To use it, you will probably have to change the print command from lpr to kprinter in all non-KDE-programs. Im Mozilla e.g. via "File/Print.../Properties". Leave the line basically unchanged, simply replace lpr with kprinter. Then klick on "Print" to apply the settings. The kprinter dialog should now appear.

18. KDE packages

Unlike in other distributions, KDE programs are not combined in groups, instead nearly every KDE program has its own package. This allows you to remove unwanted KDE programs like kit (instant messaging). The meta package kde will normally also be removed, this will however not affect other installed KDE packages. apt-get search kde gives you a list of all other KDE packages. In any case you should install the packages kdebase-crypto and kdelibs3-crypto from non-us.debian.org. If you use CUPS for printing, you also need the kdelibs3-cups package. You can then choose CUPS for printing in the KDE Control Center (System/Printing Manager). For volume control, the kmix package ist very useful.

ATTENTION: For german language support in KDE, you must install kde-i18n-de!

19. Security with CUPS

By default, CUPS is active on all network interfaces. If you use your printer on your local computer only or if you export your printer to the network through some different service (like Samba), you can deactivate this functionality. Open /etc/cups/cupsd.conf and search for "Listen". Below some comment, you can very probably find the line Port 631. Replace it with Listen 127.0.0.1:631. Next restart CUPS. netstat -l now should show localhost:ipp in CUPS' line.

ATTENTION: During installation of cupsys-bsd, you are offered to activate the LPD compatibility server. This is only necessary if you export your printer to the network and the other computers only understand the LPD protocol. If your other computers support CUPS or some other IPP compatible printing system, you won't neet the BSD server.

20. Package lists

Apart from the normal installation sources, I added the following entries to /etc/apt/sources.list:

deb ftp://non-us.debian.org/debian-non-US woody/non-US main contrib non-free deb ftp://ftp.nerim.net/debian-marillat stable main deb http://www.openoffice.de/debian woody main deb ftp://ftp.freenet.de/pub/debian-openoffice woody-test main contrib deb ftp://security.debian.org/debian-security woody/updates main contrib non-free

The Nerim server provides a recent version of Mplayer (better than the included and old version of Xine) and now also Acrobat Reader, Flashplayer and Realplayer packages. Openoffice.de does not provide Openoffice, but instead the packages dahb-html or dahb-pdf, a recent version of the Debian User's Guide (sorry, german only). Very good for beginners, you can also read in online on http://www.openoffice.de/linux/buch/. The freenet server has Openoffice packages for Woody.

ATTENTION: mplayer is available in several packages for different architectures, among them mplayer-386, mplayer-586, mplayer-686 and mplayer-k6. Not every packages can run on all architectures. The K6 packages will for example not run on older pentium systems, the 686 packages won't be usable on AMD processors or older Intel systems.

ATTENTION: There are many other sources with packages that didn't make it into the final release of Woody, or that are newer than Woody. You can get an overview on http://www.apt-get.org/. You can also find information on unofficial Apt sources on the homepage of the Debian project.

21. Mountpoints

During installation, Debian only configures your floppy drive and the CDROM drive from which you installed the system. You have to configure other drives on your own. Changing fstab should be no problem. The mountpoints for already configured drives are however located in the root directory (i.e. /floppy and /cdrom). Moving the directories to /mnt and adapting fstab solves this problem, however apt will be confused now (in case you installed from CDROM). To get apt working again, create the file /etc/apt/apt.conf and insert the following line:

Acquire::cdrom::mount "/mnt/cdrom";

The device entry "/dev/cdrom" should be a link pointing to the CDROM device in use, e.g. "/dev/hdc" or "/dev/scd0" (if you use SCSI emulation).

22. CD writing

Most people use IDE CD writers. To make use of one, you will have to change some settings:

All users which are supposed to have access to the CD writer must be members of the cdrom group.
Install some CD writing software. I tried out some programs on Debian Woody, xcdroast (GTK) and cdbakeoven (KDE) seem to be the best ones.
Activate SCSI emulation for your CD writer. Do the following: The ide-scsi module must be loaded. To do this automatically, enter the module in /etc/modules.conf. Now change your bootloader configuration so that the kernel knows for which devices no IDE-CD drivers are to be loaded. The following entry must be made in /etc/lilo.conf: append="hdc=ide-scsi hdd=ide-scsi" (if CDROM and CD writer are both connected to the second IDE port, otherwise you have to change the device names).

ATTENTION: If devices are listed multiple times (e.g. in /proc/scsi/scsi) with activated IDE-SCSI emulation, add this to the append line of your bootloader:

max_scsi_luns=1

23. Web browser

Apart from others, Netscape 4 and Mozilla are included. If you only want to use the Mozilla browser, but not the email and news client, install mozilla-browser and mozilla-psm instead of mozilla.

24. Language settings

To use German as system language, install the locales package. The settings selected during installation are not applied for some reason, but running dpkg-reconfigure locales again and selecting at least de_DE@euro.ISO-8859-15 followed by locale-gen will help.

25. Euro support

Euro support in Debian still does not work out of the box. You have to install some packages first. Most important are euro-support, euro-support-console, euro-support-x, xfonts-75dpi-transcoded and xfonts-100dpi-transcoded. The package euro-support-x only depends on xfonts-75-dpi-transcoded or xfonts-100dpi-transcoded.

26. Euro support on consoles

Basic euro support is already available, however you have to select a fitting console font. Make the following entry in /etc/console-tools/config:

"SCREEN_FONT=lat0-16"

Now it will work.

27. Euro support in X

In X everything should be fine as well. KDE however has a bug which prevents typing in (not displaying) the Euro symbol. To solve the problem, the file /etc/environment must be edited. It should look this way: (for german settings)

LC_ALL="de_DE@euro" LANG=de_DE@euro.ISO-8859-15

Especially .ISO8859-15 in the last line is important for KDE. Now you have to select charset iso8859-15 in the KDE Control Center under "Personalization/Country & Language".

ATTENTION: This setting has some side effects. It will for example influence the output of sort.

28. Driver modules

Driver modules can be loaded automatically through /etc/modules. Additionaly you have the option to make alias entries in /etc/modules.conf. You should however not edit this file by hand because Debian configures it via update-modules. Instead you can make your changes in /etc/modutils/aliases. Here is the part of my aliases file that I inserted myself:

# Input module for joystick support alias char-major-13 input #Device interface for lm-sensors alias char-major-89 i2c-dev # Nvidia kernel driver alias char-major-195 nvidia # First ethernet adapter alias eth0 sundance # Sound card alias sound-slot-0 emu10k1 And here is my /etc/modutils/input:

above input joydev emu10k1-gp analog

After changing files in /etc/modutils you have to run update-modules to apply the changes.

29. Bash completion

For some time bash has been supporting programmable completion. This really can make your life easier. For example, bash can complete hostnames for the ssh command by looking into your ssh_known_hosts file. Additionally bash can be taught to complete package names for the apt-get and apt-cache commands. For this you need the bash_completion script. An old version is already installed, however it is a good idea to get the latest version. Simply download the .tar.gz archive from http://www.caliban.org/bash/. Next extract the archive and copy the file bash_completion to /etc. The existing file will be overwritten. Perhaps you have to change user and group of the file to root.root. The file should also be readable by all users.

30. Bash completion and .bash_profile/.bashrc

The files .bash_profile and .bashrc already contain some useful functions which have yet to be activated.

First you should remove the comment symbols from all lines regarding bash completion.

Now remove the comment symbols from all lines in every user's .bash_profile (including root) to execute .bashrc at login time.

You can also remove all comment symbols from the command/alias lines in your .bashrc. This will give you coloured directory listings and some useful shortcuts (ll instead of ls -l) You can find an addtitional line regarding bash completion in every user's .bashrc file. Again remove the comment symbole to get it working in every case.

ATTENTION: You should copy the following alias commands from a user's .bashrc to root's .bashrc:

alias cp='cp -i' alias rm='rm -i' alias mv='mv -i' This will make bash ask before it deletes or overwrites files.

31. Compiling programs that need kernel sources

To compile programs or driver modules, it is normally sufficient not to install the kernel sources, but the kernel header files matching the kernel you are using. If you chose kernel 2.4 during installation, this is what you have to do:

apt-get install kernel-headers-2.4.18-bf2.4

Now make a link named linux in /usr/src pointing to the directory containing the kernel headers, in this case to /usr/src/kernel-headers-2.4.18-bf2.4.

32. Orphaned packages

Debian contains a program that reports libraries no longer needed by any other package. The program's name is deborphan. By default it only searches in libs and oldlibs package categories. The manual page gives you information on searching all categories.

33. Java

Sadly, Sun does not offer any .deb packages of the JRE or JSDK. You can however convert the bin package (not the RPM version) to a deb using j2se-package. When you install the Java deb you created this way, symlinks for the most important programs, man pages and the java plugin will be created automatically. You can read more about it at Z42.de.

ATTENTION: Instead of converting Sun's BIN packages to DEB packages, you can also add the following line to your sources.list:

deb http://www.tux.org/pub/java/debian/ sid main non-free

These packages are also available for Sarge (Testing) and Sid (Unstable).

34. Brower plugins

Mozilla's plugin directory is /usr/lib/mozilla/plugins. These plugins are also available to Konqueror. You can get further information on installing plugins for Mozilla under Linux on http://plugindoc.mozdev.org/.

35. Lilo and the framebuffer

Kernel 2.4 provides the possibility to use text consoles whth high resolutions, thus making it possible to display more than 80x25 characters on the screen (and showing you a penguin on bootup). To make use of it, change the "vga" parameter in /etc/lilo.conf. Make the following entry to get a 1024x768 resolution:

vga=0x317 To deactivate the framebuffer, make this entry:

vga=normal Don't forget to run lilo after saving the configuration file!
You can find more information on framebuffer modes in the framebuffer howto (package doc-linux or doc-linux-html).

36. KMail and spamfilters

Debian provides a great spamfilter (package spamassassin). There is plenty of documentation on using Spamassassin with an MTA like Exim in combination with Fetchmail elsewhere. Here I will only and shortly explain how to use it if you download email directly from your provider with KMail via POP3 instead of getting it with fetchmail and having in delivered locally.

To use Spamassassin, you need two filters. The first one sends all emails through spamassassin, the second one checks if the emails have been marked as spam and then moves or deletes them.

This is how it looks in detail:
kmail > Settings > Configure filters > New
Settings for the first filter: Match all of the following: any header: matches regular expr.: . (Yes, enter a dot). Now select the following at the bottom of the window: Pipe through:/usr/bin/spamassassin -P -F 0. Now uncheck "If this filter matches, stop processing here".
Settings for the second filter: Match all of the following: Subject: contains: *****SPAM***** (spamassassin will insert this in all emails detected as spam). You can choose "move to folder" with the destination "trash" as an action.

ATTENTION: Spamassassin is not 100% accurate, i.e. it can happen that a normal email is detected as spam. Because of this you should never delete such emails unread.

37. Multimedia keyboards

More and more people own so called multimedia keyboards with additional function keys for example to start their browsers or other programs. With XFree's builtin keyboard drivers you can however not directly make use of these keys, and KDE's Control Center offers only limited support for assigning keys to functions. There ist a lot of documentation on the web with different solutions from using XFree's own programs like xmodmap to recompiling the X server. However this is not necessary. Debian features a program which allows you to assign different functions to your multimedia keys and additionally comes with some predefined configuration sets for well known keyboards like Logitech's itouch line. The package is named hotkeys. After installing it, you only have to make sure it is loaded on every login to the X server. Make an entry like this at an appropriate place:

hotkeys -b -t itouch The parameter b makes the program run in the background, the other one sets the keyboard type. The manual page will give you more information. If you want to configure hotkeys on your own, the program xev can tell you the keycodes for each key.

38. DMA mode for harddisks and CD-ROMs

To enable DMA mode for IDE devices, install the packages hdparm and hwtools. DMA mode cannot be configured automatically, so you must edit the initscript /etc/init.d/hwtools with a text editor. The respecting lines in my file look like this:

# hdparm optimization # Switches on interrupts during transfers and does multi sector transfers if command -v hdparm >/dev/null 2>&1; then hdparm -q -c3 -d1 -u1 -m16 -A1 -k1 /dev/hda > /dev/null hdparm -q -c3 -d1 -u1 -k1 /dev/hdc > /dev/null true fiThe -d parameter is decicive, the other ones however also give you some performance optimizations. hdparm's manual page gives you detailed information on their meaning.

ATTENTION: Some of the settings above do not work with all controllers/disks. Make sure to test them carefully, especially -u1. It can cause data loss. Also don't set the -k1 (keep) option until you have made sure the other settings work, because it will prevent the system from falling back to safe settings if errors occur.

39. Firewall / Netfilters / Masquerading

Debian offers a lot of programs to configure a packet filter, but not all of them are easy to use. For all of you that find configuring the filtering rules by hand too complicated, bastille might be worth a try. This program can configure the packet filter and some other security options by guiding the user interactively through a sequence of well explained questions. Apart from a simple packet filter, you can also activate masquerading to allow your computer to provide internet access for other machines. This is how it works:

apt-get install bastille perl-tk: installs the packages with a graphic frontend
apt-get install bastille libcurses-perl: installs the packages with a textmenu based frontend

ATTENTION: The program is called InteractiveBastille and must be run as root. When using the graphic frontend, you must either be logged in as root or call an appropriate program as normal user, like this:

kdesu /usr/sbin/InteractiveBastille

This is necessary because Debian does not allow users to access the X server of any other user by default.

last updated: 2009-11-17, 14:14:48
http://www.andreasjanssen.de - andreas.janssen@gmail.com