Automatic Configuration of Linux Desktops

Automatic Configuration of Linux Desktops

In yesterday's post I described how to install Linux over the network. Now I'm going to polish that off with a bit of post-install scriptery that does a bit more customization.

This part of the tutorial makes use of several different concepts to provide a customized install experience. First is the use of LDAP authentication on the domain. Your network may or may not use this. If you aren't already authenticating with LDAP you'll want to adapt this tutorial to your needs. Next is the use of the new user "Skeleton" configuration where you can place items that are automatically copied into a user's home directory the first time they log in. Last is using the rc.local file to run a script in such a way that it only runs the first time the computer is booted. This could be adapted to ask for the name of the computer during that step or other things to allow even more customization during install. A common practice instead of using a bash script like I did is to use a Python script at this point to allow for a more pleasing and customizable setup.

Using Kickstart to configure the installation gives you the option of running a script at "post-install" - however this script is run before the machine is booted into the new install, so some things may not be able to be edited there. I ended up writing a post-install script that changes the rc.local file to run my custom configuration, and then switches back the standard rc.local after it's been run once, so the configuration settings only happen on the first boot.


This step takes a little bit of preparation. First, I found that using the network install would only install apt repositories that pointed to your install media on the network, which means it's impossible to install any packages not included on the original CD. I also wanted to configure a basic desktop setup for each user that included a Firefox icon on the desktop that pointed to our Intranet. Finally I wanted to have it automatically configure LDAP authentication for the computer and add our "Domain Admins" group from LDAP into the sudoers list.

To do this, I started with a freshly installed Linux and configured our network authentication. I then added a shortcut to start Firefox to the desktop and set the Firefox home page to our Intranet. After the LDAP authentication was configured (which I won't go into here) I did the following as root on this configured desktop computer:

cd ~
mkdir add2network
cd add2network
cp /etc/apt/sources.list ./
cp -R /etc/pam.d ./
cp /etc/nsswitch.conf ./
cp /etc/ldap.conf ./
cp /etc/cups/cupsd.conf ./
cp -R /home/tony/.mozilla ./
cp /home/tony/Desktop/firefox.desktop ./

Note, if your name isn't Tony, you might need to replace that with your correct path...

First-run script

Next I created a file called "" and inserted the following script:

cp ./sources.list /etc/apt/
apt-get update
apt-get install -qq -y libpam-ldap libnss-ldap nss-updatedb libnss-db cups
apt-get remove -qq gnome-games
# Set up network authentication
cp ./nsswitch.conf /etc/
cp ./pam.d/* /etc/pam.d/
cp ./ldap.conf /etc/
# Add the LDAP group "Domain Admins" to the sudoers list
echo "User_Alias DAG=%Domain Admins" >> /etc/sudoers
echo "DAG ALL=(ALL) ALL" >> /etc/sudoers
# Set up new user skeleton
cp rm -R -f /etc/skel/*
mkdir /etc/skel/Desktop
chmod 777 /etc/skel/Desktop
cp ./firefox.desktop /etc/skel/Desktop/
cp -R ./.mozilla /etc/skel/
chown -R root:"Domain Users" /etc/skel/.mozilla
chmod -R 770 /etc/skel/.mozilla

Then, make it executable and tar this all up into a single file:

chmod +x
cd ..
tar -czf add2network.tgz add2network
Now place this tgz file in the root of the web server that's serving your install image. In this example it's at

Next we add a script to the ks.cfg file to trigger this to download and run after installation.

Adding to the ks.cfg file

Edit the ks.cfg file on your server. Just before the "%package" line that we added yesterday, insert the following text:

%post --interpreter=/bin/sh
mv /etc/rc.local /etc/rc.local.orig
cat > /etc/rc.local <<EOT
#!/bin/sh -e
# First keep users from trying to log in since we arent done:
/etc/init.d/gdm stop
cd /root/
# Wait for the network to be available:
sleep 20
tar -zxvf add2network.tgz
cd add2network
rm /etc/rc.local
mv /etc/rc.local.orig /etc/rc.local
# Reboot since we're changing authentication methods
exit 0
chmod a+x /etc/rc.local

During installation, this will replace the /etc/rc.local file with a script that will download the add2network.tgz file, execute it, then replace the /etc/rc.local file with the original copy so that it won't run next boot.

The only part that requires user attention in the above scripts is the installation of the LDAP files - in my example they will still prompt for input, and I can't figure out how to make them stop. It doesn't matter what input you provide because the script will overwrite the settings with my pregenerated ldap.conf file.

And there you have it - complete configuration of Linux desktops for easy network deployment.

Posted by Tony on Sep 23, 2009 |