Notes

From Here;

These are the customisations that we apply to our RedHat Linux 9 systems after doing a RedHat kickstart install, and as needed after that. The files are distributed using rdist. Some files are system configurations which are installed in place: there may be an associated rdist action to restart a corresponding system service. Other files are simply action scripts in the sense that rdist runs them after transferring or updating them: these are mostly installed in /root/distrib.

/root/distrib/update

Updates the target RedHat system to the latest application RPMs.

Upgrading to the latest RPMs also takes place as a %post-install operation when a desktop PC is initially loaded.

/root/distrib/upkern

Updates the target RedHat system to the latest kernel RPMs. See above.

/etc/hosts

Customised to include local machines to reduce impact of DNS failure.

/etc/hosts.deny

Customised to ALL: ALL.

/etc/cron.allow

Customised to restrict who can use the crontab command (empty file means nobody).

/bin/ll

Provided as an effective alias for ls -l under any shell.

/root/distrib/pineconfrc

Configures /etc/pine.conf for local conventions. By providing this as a script, we avoid having to re-write every time pine is upgraded.

/root/distrib/afsrpmrc

Loads the openafs RPM if necessary.

/root/distrib/afsconfrc

Configures AFS cell and cache.

/root/distrib/anacronrc

Removes /usr/local directories from search PATH in /etc/anacrontab.

/root/distrib/cronrc

Deactivates cron actions in /etc/cron.d/ and /var/spool/cron/ for packages we don't use yet.

/root/distrib/chkconfigrc

Configures local services on or off using /sbin/chkconfig.

/root/distrib/hostnamerc

Configures hostname in /etc/sysconfig/network to have a consistent case and format across machines.

/root/distrib/fontsrc

Changes the order of preference in /etc/X11/fs/config to choose 100dpi fonts before 75dpi ones.

/etc/sysconfig/desktop

Set the default displaymanager to KDE.

/root/distrib/iptablesrc

Chooses correct iptables setup for the target host.

/etc/sysconfig/iptablesdt

The normal configuration for /etc/sysconfig/iptables on our desktops.

/root/distrib/passgr

Merges local groups into /etc/group.

/root/distrib/passpw

Merges local users into /etc/passwd.

/etc/sysconfig/static-routes

Static routes for our desktops (if any).

/root/distrib/fstabrc

Merges local /etc/fstab.{nfs,usb}* files into /etc/fstab.

/etc/fstab.nfs*

NFS entries to be merged into /etc/fstab

/etc/fstab.usb*

USB entries to be merged into /etc/fstab, like /mnt/usbdisk.

/etc/cron.daily/bham*

Local daily tasks.

/etc/log.d/conf/logwatch.conf

Customised so I'm not inundated by emails from logwatch on every desktop PC each morning: just the important bits.

/etc/log.d/conf/services/sendmail.conf

See above. A particular irritation is when logwatch sends information about the sendmail log entries corresponding to the email it sent me about the sendmail log entries yesterday! Removing this file or modifying what it looks for will fix this problem.

/etc/rc.d/rc.local

Local startup tasks.

/etc/skel

Customized initial home directory files for new users.

/etc/logrotate.conf

Customized log rotation to keep logs by month and for longer.

/etc/mailcap

Customised /etc/mailcap calls /usr/local/bin/pdfviewer rather than /usr/bin/xpdf for PDF files, allowing a user environment variable to choose between xpdf and acroread. Also customised for OpenOffice equivalents to ms-word, ms-excel and ms-powerpoint.

/etc/mailcap is used by the pine mail client by default, also by mozilla if plugger doesn't get in the way first.

/etc/profile

A worthy addition to /etc/profile or /etc/profile.d/something is a check to see if the $HOME file system is full. A full $HOME can lead to several insidious errors without necessarily showing any relevant error message. For example, when logging on to a server with a full $HOME file system, ssh X11 forwarding can't be properly set up because $HOME/.Xauthority cannot be updated, and when you later start an X application, you get the message:

   X11 connection rejected because of wrong authentication.
   X connection to localhost:10.0 broken (explicit kill or server shutdown).

/root/distrib/plugfixrc

Effectively disables the plugger application - could have removed the RPM. Mozilla and galeon helpers work much more snappily and reliably without it!

/etc/syslog.conf

Customized system logging.

/etc/X11/xdm/kdmrc

Change the font size and heading text on the kdm login panel.

/root/distrib/kdmlistenrc

For hosts that I want to provide a local X-terminal XDMCP listener service, this configures file /etc/X11/xdm/kdmrc to set Enable=true.

/etc/X11/xdm/Xaccess

Configured to limit access to XDMCP service to local X-terminals (access also limited by iptables).

/usr/bin/ps2epsi

This fix is required as the supplied version provokes a sed problem, see this report, of unescaped tildes in sed commands. Needs ~ to become \~ in two instances.

/usr/lib/mozilla/plugins/libflashplayer.so

Symbolic link to the macromedia flash plug-in, triggers installation of the flash package for mozilla (download links here).

/usr/lib/mozilla-1.4.2/defaults/pref/unix.js

Customised mozilla to add pref calls for local printers and a print.printer_list. Also similar for firefox browser.

/usr/share/applicatbham

Directory containing our local applications directories, which are linked in to /var/lib/menu/kde/Applications.

/usr/share/icons/BHAM*

Extra local icons.

/usr/share/config/kcmartsrc

Added to configure the artsd sound server: for example to turn off artsd completely by preventing it starting at KDE logon, or to have a shorter suspend idle time. The options can also be configured on a user-by-user basis by using KDE Control Center -> Sound & Multimedia -> Sound System -> ARTs, and the kcmartsrc file so created in $HOME/.kde/share/config could be used as the model for the system-wide file.

/usr/share/config/kcmdisplayrc

Customized to use energy saving DPMS modes on monitors by default. Customized so as not to exportKDEColors by default. The original default gives rise to X11 resources being set up, which appear in a xrdb -query, for applications like nedit and xwp/wordperfect which the user might never use, and sneakily also sets kprinter as the default printer setting for acroread and gv. The user can set the original default back if s/he wishes using KDE Control Centre -> Appearance & Themes -> Colors/Colours -> Apply colors to non-KDE applications. The resource files are in /usr/share/apps/kdisplay/app-defaults.

/usr/share/config/kdeglobals

Customized so that by default a single-click is required to start an application from an icon rather than a double-click. I'm not in favour of this retro double-click! Also change default Widget style.

Change the shortcut key combination for ending a KDE session from Alt-Ctrl-Delete to Alt-Ctrl-End: Ctl-Alt-Del is used by MS Windows client viewers to terminal servers, and users don't want to have to learn new shortcuts just for when they're viewing from Linux.

The file manager konqueror generates previews of files by default, even when the file might need processing through ghostscript for example, which is all very nice if it works. But it's buggy, and kdeinit kio_thumbnail processes using 100% cpu for hours are not uncommon. Also, some users might like to retain a meaningful last access time for files. So turn konqueror previews off by default (is there a better way?):

	       [PreviewSettings]
               MaximumSize=0
               file=false

The last line is superfluous provided the MaximumSize isn't overridden. The user can always turn previews back on using Settings -> Configure Konqueror -> Previews in the konqueror file manager.

/usr/share/config/kdeprintrc

Change default Printsystem to CUPS: it's what we use, and it gets rid of those annoying messages "ypcat: can't get local yp domain: Local domain name not set".

/usr/share/config/kickerrc

Customize our local kicker Panel: demote those OpenOffice applications back to the start menu where they belong.

/usr/share/config/konsolerc

Remove the Menubar and Toolbar by default from konsole (too confusing for users), allow Xon/Xoff to work by setting XonXoff=true, set the default height of the konsole window just a few pixels taller so that we don't lose the descenders of characters on the bottom line - looks like a miscalculation by konsole.

/usr/share/config/kpartsaverrc

/usr/share/config/kslideshow.kssrc

Add customised files for these screensavers to show some pictures rather than "The screen saver is not configured yet" or "No images found", particularly when the screensaver was chosen randomly.

/usr/share/config/kwinrc

Change the default PluginLib to kwin_keramik, and window MoveMode and ResizeMode to Transparent rather than Opaque, by default.

/usr/bin/startkde

Customised to add xmessage commands for errors like Not enough free disk space on /tmp, rather than just dropping the user back to the login screen without visible comment.

Also avoid using /usr/bin/desktopconv for pre KDE3 conversion - it hangs for some users. Instead, invokes our local init.kde3, which saves the .kde directory and starts afresh.

Also if /var/lib/menu/kde already exists, don't invoke /usr/bin/desktop-create-kmenu. At system start-up, and elsewhere (not here as we are in user mode), we soft-link our two local applications directories into /var/lib/menu/kde/applications at the top level. There may be a better way of doing this but I don't know what it is!

/root/distrib/screensaversrc

This renames files in /usr/share/apps/kscreensaver/ScreenSavers/ like KSolarWinds.desktop and KFountain.desktop to a non-desktop suffix, so that they aren't chosen by the random screensaver choice, and don't appear in the screensaver chooser panel. Some screensavers like SolarWinds are just too busy!

/root/distrib/xfreerc

This chooses between several /etc/X11/XF86Config.versions according to the target, to set up the X server, and sets the default runlevel in /etc/inittab to 5.

It may be necessary to configure /etc/X11/XF86Config a bit by hand if the particular keyboard is not our standard layout or language: our default is Option "XkbLayout" "gb", and also /etc/sysconfig/keyboard contains KEYTABLE="uk" for text-mode sessions.

/var/mail

/etc/rc.d/init.d/sendmail

A customized version of the sendmail init script, which doesn't start or kill the sendmail port 25 listener if DAEMON=no.

/etc/sysconfig/sendmail

Configuration file which sets DAEMON=no and SMQUEUE to 5 minutes (this is the queue retry time for the submit sendmail daemon).

/etc/mail/submit.mc

A customized version of the sendmail local submit configuration.

By default in RedHat 9, a mail client (such as pine) invokes /usr/sbin/sendmail which runs under user:group smmsp:smmsp (using configuration submit.mc) to send email to localhost port 25. A sendmail daemon (running under smmsp:smmsp and using configuration submit.mc) runs to retry any mail that failed to get through to this local port, sitting in the /var/spool/clientmqueue directory. Another sendmail daemon (which uses configuration sendmail.mc) is configured to listen on localhost port 25 and do the real work of mail relaying: forwarding email to the local mail hub or to the big wide world, first enqueuing it in /var/spool/mqueue. Only if this host is a mailhub would it be configured to listen on 0.0.0.0:25 to receive email from the big wide world.

For our desktop clients, having a sendmail daemon listening to localhost port 25 and running in root mode is not necessary. So the submit.mc configuration file is set up so that the email is forwarded to the local mailhub in one hop. This has the side advantage that mailq -Ac will actually show if mail is for some reason still on the local desktop - not possible if the mail has disappeared and gone into the port 25 listener. We just then have the one sendmail daemon (non-root, using the configuration submit.mc) to retry emails which failed first time to the local mailhub.

/etc/cups/ppd/*

/etc/cups/lpoptions

/etc/cups/printers.conf

/etc/cups/cupsd.conf

Various CUPS printer system files distributed for our desktop systems.

/usr/local

Distributed files for our local desktops.

/usr/local/bin/acroread

This wrapper script is present to fix several problems with Adobe acroread. First it unsets the LANG variable to allow acrobat 5 to work, avoiding Warning: charset UTF-8 not supported message and abort. Also, mozilla invokes acroread (or our pdfviewer script) without a current directory, which causes the binary to fail, so the acroread wrapper script does a cd "$PWD" which fixes the problem if invoked by mozilla, and is harmless otherwise. Also we have a feature to put debugging into effect (option -DEBUG acrodebug) if the file /tmp/acro.debug exists.

/opt/Acrobat4

/opt/Acrobat5

Acrobat 4 and 5 acroread installations. These are as downloaded from Adobe. Also, to avoid an error with some PDFs (message says An error has occurred that may be fixed by installing the latest version of the Korean Language Support package) we have installed the Adobe Korean font package.

/opt/RealPlayer8 and /opt/RealPlayer-10

The RealPlayer8 package, plus RV9 codecs, and the RealPlayer10 package, downloaded via this Netscape/Mozilla plugins web page.

Note that in order to get this to work on RedHat 9, it is necessary to export LD_ASSUME_KERNEL=2.2.5 in the local realplay interface script, because of a threads problem, and to ensure the artsd daemon is disabled or suspended (artsshell suspend) while realplayer is running. Although artsd starts with autosuspend 60 by default, that doesn't mean that it's in the suspend state when you want it to be! (Arts can be configured or turned off in a kcmartsrc file or using Control Center: see above). Alternatively could use the artsdsp command to start realplay - haven't tried that yet myself.

/usr/lib/ICAClient

Triggers installation of the ICAClient rpm.

A customisation I have had to apply in our script which invokes the ICA client is to disable the artsd daemon or suspend it (artsshell suspend) while the ICA client is running (see realplayer comments above). This appears to be necessary even if sound is disabled in the user's ICA client configuration. Otherwise a terminal server session can hang just after the point where the user has logged in but before any desktop icons appear: an strace shows that opening /dev/dsp was the last operation.