“UbuntuHelp:CorporateUbuntu”的版本间的差异

2007年11月30日 (五) 16:36的版本

文章出处:

https://help.ubuntu.com/community/CorporateUbuntu

点击翻译:

English  • 中文

请不要直接编辑翻译本页，本页将定期与来源同步。

A suggested guide to setting up Ubuntu for use in a corporate environment

Foreword

Ubuntu has the potential to be a forerunner in the business Linux desktop market and potentially, the general desktop market (ZDNet UK - Desktop Linux for small business). Combining Ubuntu with a low-cost thin-client architecture such as Sun'Ray (see UbuntuOnSunRay) could be the answer to numerous biased lower TCO reports being advertised by Microsoft. The basis of this document will cover migration from a Sun Solaris 8 CDE user environment to Ubuntu and a number of best practices for a multi-user environment. Although there will be some SUN environment specific sections, the aim of the document is to provide and facilitate collaboration on a generic guide for setting up Ubuntu in the corporate environment.

Introduction

The setup of the CorporateUbuntu environment is broken up into the following:

• Authentication
• Home Directories
• Remote Mounts
• Printing
• Locale
• Keyboard
• User Login Script
• Locking Down GNOME
• Email
• Word Processing Suite
• Terminals
• Multimedia
• GNOME Menu
• Time/Date
• Remote Desktop

The overall aim of the CorporateUbuntu guide is to provide a feature-rich, locked-down and consistent user environment. Considerations have been made and addressed in the areas of migrating from and integrating into existing operating and network environments.

Authentication

Prior to the migration to Ubuntu, NIS was used for authentication. Authentication was migrated over to an LDAP-based system using a Sun Java Enterprise System Directory Server.

• instructions for authenticating off a Sun Java Enterprise System Directory Server are contained in the UbuntuHelp:SunLDAPClientAuthentication page
• instructions for authenticating off an OpenLDAP server are contained in the UbuntuHelp:LDAPClientAuthentication page
• instructions for authenticating off Active Directory are contained in the ActiveDirectoryHowto page

Home Directories

The users home directories reside on a Solaris server and are shared out via NFS. The home directories, are therefore, automounted upon logging into the Ubuntu machine.

• instructions for automounting home directories are contained in the Setting Up NFS page

Remote Mounts

Similar to the home directories, the Solaris server contains multiple shares available over NFS.

• instructions for statically mounting shares at boot are contained in the Setting Up NFS page

Printing

The Ubuntu printing setup has disabled the use of CUPS for administration of printers due to security reasons. A current oversight made by the developers involved in the Ubuntu printing interface is the lack of the ability to name/rename printers. The printers are named after the printer model name and it is not scalable in a large environment where several printers of the same model may exist. A workaround is to rename the entry made in /etc/cups/printers.conf and create a symbolic link to the printer model PPD file in the /etc/cups/ppd directory. Below is a script that can be installed into /usr/bin and run immediately after setting up a printer:

#!/bin/bash
#
############################################
#
# changeprintername - changes the name of a
#                     printer that was
#                     created using Ubuntu
#                     Printing GUI
#
# Usage: changeprintername old_name new_name
#
# Written: Naaman Campbell
#          22 November 2005
#
############################################
CUPS_DIR=/etc/cups
CONF=$CUPS_DIR/printers.conf
PPD_DIR=$CUPS_DIR/ppd
# Usage Check
if [ $# -ne 2 ]; then
echo "Usage: $0 old_name new_name"
exit
fi
##################################
# DISPLAY CONFIG AND PROMPT USER #
##################################
# find line number of first instance of old printer name
LINE=`grep -m 1 -n $1 $CONF | sed -e 's/^\(.*\)\:.*/\1/'`
# obtain a magic number for 'tail'
LINECOUNT=`cat $CONF | wc -l`
TAILNUM=`expr $LINECOUNT - $LINE`
# find number of lines between start and end of
# config section for printer
PATTERN="</Printer>"
NUMOFLINES=`tail -$TAILNUM $CONF | grep -m 1 -n $PATTERN | sed -e 's/^\(.*\)\:.*/\1/'`
ENDLINE=`expr $LINE + $NUMOFLINES`
# display current config to user
echo
echo "Confirm changing the current printer $1 to $2"
echo "with the following configuration.."
echo
sed -n ''$LINE','$ENDLINE' p' $CONF
echo
echo "Proceed with printer name change? (y or n)"
read answer
case $answer in
y)      echo "Changing $1 to $2"
;;
n)      echo "Exiting.."
exit
;;
*)      echo "Invalid selection, now exiting.."
exit
;;
esac
###################
# PERFORM CHANGES #
###################
# create symlink
echo
echo "Creating symlink.."
ln -s $PPD_DIR/$1.ppd $PPD_DIR/$2.ppd
# update config file
echo "Updating configuration file.."
sed -i -e ''$LINE','$LINE' s/'$1'/'$2'/' $CONF
# restart cups
echo "Restarting CUPS.."
/etc/init.d/cupsys restart
echo "Script completed operations.."
ncampbell@naaman:~$ sudo chmod u+x /usr/bin/changeprintername

The changeprintername script is also available as an attachment - https://help.ubuntu.com/community/CorporateUbuntu?action=AttachFile&do=get&target=changeprintername After a new printer is added to the system, the script can be run as follows:

ncampbell@naaman:~$ sudo changeprintername old_name new_name

It is possible to subvert the measures setup by the Ubuntu printing team to enable access into the Cups administration web pages. By adding the cupsys user into the shadow group, the cupsys user is able to edit the necessary printing system files. Change the shadow group line in /etc/group to include the cupsys user:

ncampbell@naaman:~$ sudo vi /etc/group
shadow:x:42:cupsys

Locale

During initial testing, it appeared that the locale was not being set correctly after logging into GNOME. The locale issue appears to be a user-specific problem from when users used to log on to a Java Desktop System (JDS) - Solaris 10 machine. Ubuntu provides adequate language configuration during the installation process. If additional languagues need to be added or the default GNOME language needs to be changed, use the Language Selector program:

ncampbell@naaman:~$ sudo /usr/bin/gnome-language-selector

Keyboard

Part of configuring Ubuntu for corporate use is locking down the desktop. Limiting the number of keyboard shortcuts, and limiting configuration of shortcuts, is part of restricting access to sections of GNOME. Adapted from the UbuntuOnSunRay wiki, listed below are a set of suggested shortcuts to be made available to users:

• Launch help browser - Help*
• Lock screen - "Moon"*
• Home folder - Open*
• Search - Find*
• Take a screenshot - Print
• Take a screenshot of a window - <Alt>Print
• Close window - <Alt>F4
• Move between windows with popup - <Alt>Tab
• Switch to workspace on the left - <Control><Alt>Left
• Switch to workspace on the right - <Control><Alt>Right

(* denotes Sun Keyboard specific keys - could be mapped to other keys on other keyboards) To forcibly set the shortcuts, the use of the gconftool-2 command needs to be used. Follow the procedures listed on the UbuntuOnSunRay wiki - Keyboard Shortcuts - as a guide on how to lockdown keyboard shortcuts.

User Login Script

In some sections below, a need arises for a login script to ensure uniform configuration of user profiles logging into the customized system. The steps below outline how to setup a wrapper script for /usr/bin/gnome-session, which is executed on login, and a complete example gnome-session-wrapper script is attached - https://help.ubuntu.com/community/CorporateUbuntu?action=AttachFile&do=get&target=gnome-session-wrapper%3A

ncampbell@naaman:~$ sudo cp gnome-session-wrapper /usr/bin/.
ncampbell@naaman:~$ sudo chmod 755 /usr/bin/gnome-session-wrapper
ncampbell@naaman:~$ sudo rm /etc/alternatives/x-session-manager
ncampbell@naaman:~$ sudo ln -s /usr/bin/gnome-session-wrapper /etc/alternatives/x-session-manager

The wrapper script may contain unwanted components, such as the Mozilla -> Evolution migration section, which should be removed from the script if it is not needed.

Locking Down GNOME

It appears that the GNOME team has withdrawn the setup of the lockdown configuration that was present in GNOME 2.6. The lockdown setup was also undesirable as it did not allow users to drag and drop shortcuts from the GNOME menu onto the desktop or menu bar. The current concerns of the lockdown procedures are ensuring a consistent look-and-feel across all desktops and setting minor options for users. The look-and-feel is controlled by the three areas: theme, background and screensaver.

Look and Feel

Theme and background are controlled by the gconf database and can be enforced system-wide. The Clearlooks theme was selected to replace the somewhat initially unfavorable brown Human theme. Clearlooks coupled with a background consisting of a 150x150 company logo on a dark-to-light grey vertical gradient, makes for a clean looking desktop. Prior to performing the gconftool-2 commands below, ensure all users are logged out of GNOME (perform commands from text console or a remotely logged-in session):

ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /desktop/gnome/background/color_shading_type "vertical-gradient"
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /desktop/gnome/background/draw_background true
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /desktop/gnome/background/picture_filename "/usr/share/backgrounds/company_logo.png"
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type int --set /desktop/gnome/background/picture_opacity 100
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /desktop/gnome/background/picture_options "centered"
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /desktop/gnome/background/primary_color "#3E3A36"
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /desktop/gnome/background/secondary_color "#DFDFDF"
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /desktop/gnome/interface/gtk_theme "Clearlooks"

Screensaver

Screensaver configuration is separate to the gconf system and is configured system-wide via /etc/X11/app-defaults/XScreenSaver. Although a system-wide file exists, users are still able to change the settings by setting up a .xscreensaver file within their home directories. A suggested method of locking down the screensavers is to "mv" the screensaver files from /usr/lib/xscreensaver to another directory and to create a symbolic link to /etc/X11/app-defaults/XScreenSaver named .xscreensaver under the user's home directory upon logging in to GNOME. The means for creating the .xscreensaver for the user can be performed inside the gnome-session-wrapper script:

ncampbell@naaman:~$ less /usr/bin/gnome-session-wrapper
#########################################
# XSCREENSAVER
# - ensure users cannot alter
#   xscreensaver settings
#########################################
GLOBALXSS=/etc/X11/app-defaults/XScreenSaver
USERXSS=~/.xscreensaver
# check if file exists
if [ -e $USERXSS ]; then
# check if file is a symlink
if [ -h $USERXSS ]; then
CONF=`ls -l $USERXSS | sed -e "s/.*\.xscreensaver -> //g"`
# check if symlink points to correct location
if [ $GLOBALXSS != $CONF ]; then
rm $USERXSS
fi
else
# file is not a symlink
rm $USERXSS
fi
fi  
# check if symlink exists
if [ ! -h $USERXSS ]; then
ln -s $GLOBALXSS $USERXSS
fi
#########################################
# END XSCREENSAVER
#########################################

In a thin-client environment, it is recommended that a blank screensaver is used due to the amount of load needed to serve the video. The following /etc/X11/app-defaults/XScreenSaver-gl contains configuration suitable for a thin-client environment - https://help.ubuntu.com/community/CorporateUbuntu?action=AttachFile&do=get&target=XScreenSaver-gl. Suggested xscreensaver settings in a "fat-client" environment include:

• Only One Screen Saver
• Blank after 10 minutes
• Lock screen upon blanking
• The GLText (clock) screensaver - with all effects turned off

Company Name Monday 28 Nov 2005 11:39:07 AM A sample /etc/X11/app-defaults/XScreenSaver containing the above suggested settings is attached - https://help.ubuntu.com/community/CorporateUbuntu?action=AttachFile&do=get&target=XScreenSaver.

Default Settings

The minor settings that can form part of locking down the environment include changing the default archive extension to .zip and the configuration of sound settings within GNOME to turn on sound and turn off sound events. Once again, prior to performing these gconftool-2 commands, ensure all users are logged out of GNOME:

ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /apps/file-roller/dialogs/batch-add/default_extension ".zip"
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /desktop/gnome/sound/event_sounds false
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /desktop/gnome/sound/enable_esd true

Email

The current email client used on the Solaris desktops is Mozilla Mail 1.4. Email is currently using POP to transfer emails and will continue to use POP from within Evolution. POP-to-IMAP changeover will occur at a later date. When users log in to GNOME, an addition to the gnome-session-wrapper script can check if the user has an existing evolution profile and migrate the user's Mozilla mail into Evolution. The additional section of gnome-session-wrapper performs the following:

• creates and initializes a minimal evolution profile
• moves the email into the correct sections of the new profile
• prepares the moved files for first usage
• Note: this method can result in a very long delay when the user first logs in if the user has a large email directory.

The script requires installing and configuring ssmtp & mailx to email the system administrator errors that may arise in the migration process. To install ssmtp and mailx you need to install the ssmtp package from the Universe Repository and the mailx package. Then you need to edit the /etc/ssmtp/ssmtp.conf file to your specifications.

mailhub=mail.company.com.au
hostname=naaman.company.com.au
ncampbell@naaman:~$ less /usr/bin/gnome-session-wrapper
#########################################
# EVOLUTION
# - migrate users from mozilla mail to
#   evolution
#########################################
ERRORMSG=~/moztoevoerr.`date +%F`
[email protected]
ERRORSUBJECT="Non-standard Mozilla profile"
EVODIR=~/.evolution/mail/local
SKIPEVO=0
# evolution mail directory exists
if [ -d $EVODIR ]; then
# further processing is not necessary
SKIPEVO=1
fi
function emailerrors {
# error message file contains data
if [ -s $ERRORMSG ]; then
mailx -s "$ERRORSUBJECT" $ERRORRECIPIENT < $ERRORMSG
rm $ERRORMSG
SKIPEVO=1
fi
}
# check if more than one profile exists
PROFILE_COUNT=`find ~/.mozilla/* -type d | grep slt | cut -f5 -d "/" | uniq | wc -l`
if [ $PROFILE_COUNT -gt 1 ]; then
echo "$USER has too many profiles - manual migration needed" >> $ERRORMSG
emailerrors
fi
# obtain mozilla directory path
PROFILEDIR=`find ~/.mozilla/* -type d | grep slt | cut -f5 -d "/" | uniq`
SLTDIR=`find ~/.mozilla/* -type d | grep slt | cut -f6 -d "/" | uniq`
# check for email directory
EMAILDIR=~/.mozilla/$PROFILEDIR/$SLTDIR/Mail
if [ ! -d $EMAILDIR ]; then
# no email directory, so skipping
SKIPEVO=1
fi
if [ $SKIPEVO -eq 0 ]; then
# initialise evolution profile settings
ACCNAME="$USERNAME on mail"
DOMAIN=company.com.au
EMAIL="$USERNAME@$DOMAIN"
MAILSERVER=mail.$DOMAIN
OUTGOINGMAIL=mailout.$DOMAIN
PREFS=~/.mozilla/$PROFILEDIR/$SLTDIR/prefs.js
# obtain Mozilla prefs ID number
MOZID=`grep -e "identity\.id.*\.useremail\"\,\ \"$USERNAME\@$DOMAIN\"" $PREFS | sed -e 's/.*\.\(id.\)\..*/\1/g'`
# obtain user Full Name
NAME=`grep -e "identity\.$MOZID\.fullName" $PREFS | sed -e 's/.*fullName\"\,\ \"\(.*\)\".*/\1/g'`
if [ -z $NAME ]; then
# fullName field is empty
# obtain from GECOS field in passwd database
NAME=`getent passwd | grep $USERNAME | cut -d: -f5`
fi
# create evolution profile
mkdir -p $EVODIR
# copy emails - maintaining folder structure
cp -pr $EMAILDIR/$MAILSERVER/* $EVODIR/.
# remove unnecessary files
find $EVODIR -name "*.msf" -exec rm {} \;
find $EVODIR -name "*.dat" -exec rm {} \;
find $EVODIR -name "*.html" -exec rm {} \;
# generate random numbers for evolution profile
UIDPT1=`echo $RANDOM$RANDOM$RANDOM | sed -e 's/^\(..........\).*/\1/g'`
UIDPT2=`echo $RANDOM$RANDOM$RANDOM | sed -e 's/^\(.....\).*/\1/g'`
PROFILEUID=$UIDPT1.$UIDPT2.1
ABOOKUIDPT1=`echo $RANDOM$RANDOM$RANDOM | sed -e 's/^\(..........\).*/\1/g'`
ABOOKUIDPT2=`echo $RANDOM$RANDOM$RANDOM | sed -e 's/^\(.....\).*/\1/g'`
ABOOKUID=$ABOOKUIDPT1.$ABOOKUIDPT2
# clear previous configuration
gconftool-2 --recursive-unset /apps/evolution
# setup mail account
gconftool-2 --type list --set /apps/evolution/mail/accounts --list-type string "[<?xml version=\"1.0\"?>\
<account name=\"$ACCNAME\" uid=\"$PROFILEUID@$HOSTNAME\" enabled=\"true\"><identity><name>$NAME</name><addr-spec>$EMAIL</addr-spec><signature uid=\"\"/></identity><source save-passwd=\"true\" keep-on-server=\"false\" auto-check=\"true\" auto-check-timeout=\"5\"><url>pop://$USERNAME@$MAILSERVER/;use_ssl=never</url></source><transport save-passwd=\"false\"><url>smtp://$USERNAME@$OUTGOINGMAIL/;use_ssl=never</url></transport><drafts-folder>mbox:$HOME/.evolution/mail/local#Drafts</drafts-folder><sent-folder>mbox:$HOME/.evolution/mail/local#Sent</sent-folder><auto-cc always=\"false\"><recipients></recipients></auto-cc><auto-bcc always=\"false\"><recipients></recipients></auto-bcc><receipt-policy policy=\"never\"/><pgp encrypt-to-self=\"false\" always-trust=\"false\" always-sign=\"false\" no-imip-sign=\"false\"/><smime sign-default=\"false\" encrypt-default=\"false\" encrypt-to-self=\"false\"/></account>]"
gconftool-2 --set /apps/evolution/mail/default_account --type string "$PROFILEUID@$HOSTNAME"
# setup address books
gconftool-2 --type list --set /apps/evolution/addressbook/sources --list-type
string "[<?xml version="1.0"?>\
<group uid=\"$ABOOKUID.0@$HOSTNAME\" name=\"On This Computer\" base_uri=\"file://$HOME/.evolution/addressbook/local\" readonly=\"no\"><source uid=\"$ABOOKUID.1@$HOSTNAME\" name=\"Personal\" relative_uri=\"system\"><properties><property name=\"completion\" value=\"true\"/></properties></source></group>\
,<?xml version=\"1.0\"?>\
<group uid=\"$ABOOKUID.2@$HOSTNAME\" name=\"On LDAP Servers\" base_uri=\"ldap://\" readonly=\"no\"><source uid=\"$ABOOKUID.3@$HOSTNAME\" name=\"Company Name Address Book\" relative_uri=\"dir.$DOMAIN:389/o=People??one\"><properties><property name=\"timeout\" value=\"3\"/><property name=\"limit\" value=\"100\"/><property name=\"completion\" value=\"true\"/></properties></source></group>]"
gconftool-2 --set /apps/evolution/addressbook/display/primary_addressbook --type string "$ABOOKUID.1"
# end evolution if statement
fi
#########################################
# END EVOLUTION
#########################################

At present, address books cannot be migrated on the command line and are going to be done manually. A solution does exist as documented here - Web-based mab2ldif conversion tool. The authors have been contacted to obtain the source.

Word Processing Suite

The OpenOffice2 suite of applications offers vast improvements over the currently used StarOffice7. OpenOffice2 provides a method for using the GTK file chooser dialogs and, although it does not have the language support of StarOffice7, methods are available for setting up language tools to suit different regions. The following instructions are useful in environments that don't require the EN-US locale. Obtain the dictionary, hyphenation dictionary and the thesaurus for the desired language from the OpenOffice Writing Aids site. Save the files into a new folder named langtools, extract the archives and move the files into the /usr/lib/openoffice2/share/dict/ooo directory:

• Instructions below are for Australian English
  • British English is the closest English offering a hyphenation dictionary
  • Only an American English thesaurus is available

ncampbell@naaman:~$ mkdir langtools
ncampbell@naaman:~$ cd langtools
# save files into directory prior to continuing
ncampbell@naaman:~/langtools$ unzip *.zip
ncampbell@naaman:~/langtools$ sudo mv en_AU.aff en_AU.dic hyph_en_GB.dic th_en_US_v2.dat th_en_US_v2.idx /usr/lib/openoffice2/share/dict/ooo/.
ncampbell@naaman:~/langtools$ cd ..

To complete the configuration, the following was appended to the end of the Dictionary list file:

DICT en AU en_AU
HYPH en AU hyph_en_GB
HYPH en GB hyph_en_GB
THES en AU th_en_US_v2
THES en GB th_en_US_v2
THES en US th_en_US_v2

To set the correct locale & dictionaries along with changing to use the GTK file chooser dialogs, user configuration needs to be changed. A suggested way of setting up user configuration for OpenOffice2 is to store base configuration files in a common location and copy the files into the user directory upon login. The attached files: https://help.ubuntu.com/community/Common.xcu, https://help.ubuntu.com/community/CorporateUbuntu?action=AttachFile&do=get&target=Linguistic.xcu and https://help.ubuntu.com/community/CorporateUbuntu?action=AttachFile&do=get&target=Setup.xcu are to be saved to the common location and the following amendment to the ?action=AttachFile&do=get&target=usr%2Fbin%2Fgnome-session-wrapper script needs to be made:

ncampbell@naaman:~$ sudo mkdir -p /usr/share/company/ooo2/Office
ncampbell@naaman:~$ sudo mv Common.xcu Linguistic.xcu /usr/share/company/ooo2/Office/.
ncampbell@naaman:~$ sudo mv Setup.xcu /usr/share/company/ooo2/.
ncampbell@naaman:~$ less /usr/bin/gnome-session-wrapper
#########################################
# OPENOFFICE
# - setup users openoffice.org2
#   environment
#########################################
OOODIR=$HOME/.openoffice.org2/user/registry/data/org/openoffice
CONFDIR=/usr/share/company/ooo2
# openoffice.org2 directory does not exist
if [ ! -d $OOODIR ]; then
mkdir -p $OOODIR
cp -r $CONFDIR/* $OOODIR/.
fi
#########################################
# END OPENOFFICE
#########################################

Terminals

A requirement of the migration was to provide access to multiple terminal-based systems via gnome-terminal. A scalable method of managing different terminals for different systems was to create the gnome-terminal profiles globally (within gconf) and provide launchers in a custom Applications menu to allow users to drag-and-drop desired launchers to their desktops/panels. The gnome-terminal profiles were built by changing the settings using Edit -> Profiles. Settings changed included colours and the disabling of the F1 key to allow F1 to be used within certain applications. Once the settings has been configured for the current user, the configuration was exported to XML then applied globally using gconftool-2. Ensure all users are logged out prior to performing the following:

ncampbell@naaman:~$ gconftool-2 --dump /apps/gnome-terminal > /tmp/terminal.xml
ncampbell@naaman:~$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --load /tmp/terminal.xml

Creating a new menu globally in Gnome 2.12 involves a number of steps. The first part is creating the Directory entry in /usr/share/desktop-directories and saving it as CompanyName.directory

Name=Company Name
Comment=Company Name applications
Icon=company-name
Type=Directory
Encoding=UTF-8

To display .desktop entries in the Applications menu, it must belong to a legitimate relating to the Directory entry. An entry needs to made into /etc/xdg/menus/applications.menu to assign a category to the CompanyName directory entry:

<!-- CompanyName -->
<Menu>
<Name>CompanyName</Name>
<Directory>CompanyName.directory</Directory>
<Include>
<And>
<[[category:Category>CompanyName</Category>]]
</And>
</Include>
</Menu> <!-- End CompanyName -->

Prior to populating the menu with items, a copy of the company logo was altered and placed into the right location as an icon for the new menu. The logo was set onto a transparent background, resized to 32x32 pixels and saved as a PNG using the GIMP. The icon was then copied to /usr/share/pixmaps:

ncampbell@naaman:~$ sudo cp company-logo.png /usr/share/pixmaps/.

The final step involves creating the Desktop entry files to fill the new menu. Desktop files created with the CompanyName category will appear under the Applications -> Company Name menu.

ncampbell@naaman:~$ sudo vi /usr/share/applications/sydney_production.desktop
[Desktop Entry]
Encoding=UTF-8
Name=Sydney Production
Comment=Sydney Production Site
Exec=/usr/bin/prodsys syd
Categories=GNOME;Application;CompanyName

~-* /usr/bin/prodsys is a wrapper script to execute a gnome-terminal command - 'gnome-terminal --window-with-profile=sydprod -e ssh syd' would be executed-~ The new desktop entry should now appear under the new menu. Repeat the Desktop entry step for the remainder of terminals required.

Multimedia

Gxine

Running sound over a thin-client architecture requires solely relying on the ESD sound system. After extensive testing of multiple multimedia players, gxine came out as the clear winner. gxine provides GTK file dialogs and supports additional codecs and the ESD system with minimal configuration. Further information about the installation of additional codecs is available from the RestrictedFormats wiki. gxine can be installed by installing the gxine package.

ncampbell@naaman:~$ sudo cp /usr/share/gxine/pixmaps/gxine-logo.png /usr/share/pixmaps/.

To ensure all users have the same configuration for all users, a setup similar to the xscreensaver configuration is needed. The setup, however, does not prevent users from recreating the .gxine directory, but will reset the configuration each time at login. Perform the following steps to setup an initial configuration file:

• open gxine and follow the wizard
  • "~/.mailcap" and "KDE / Konqueror" options can be unchecked
• File -> Preferences
  • [gui] experience_level = Advanced
  • [audio] [] driver = esd

After setting up the desired configuration for the current user, copy the configuration file to a shared common location and setup the following addition to the gnome-session-wrapper script:

ncampbell@naaman:~$ sudo cp ~/.gxine/config /usr/share/company/gxineconf
ncampbell@naaman:~$ less /usr/bin/gnome-session-wrapper
#########################################
# GXINE
# - set gxine settings
#########################################
GLOBALGXINE=/usr/share/company/gxineconf
# check if file exists
if [ -e $HOME/.gxine/config ]; then
# check if file is a symlink
if [ -h $HOME/.gxine/config ]; then
CONF=`ls -l $HOME/.gxine/config | sed -e "s/.*config -> //g"`
# check if symlink points to correct location
if [ $GLOBALGXINE != $CONF ]; then
rm $HOME/.gxine/config
fi
else
# file is not a symlink
rm $HOME/.gxine/config
fi
fi
# check if symlink exists
if [ ! -h $HOME/.gxine/config ]; then
# check if directory exists
if [ ! -d $HOME/.gxine ]; then
mkdir $HOME/.gxine
fi
# create symlink
cd $HOME/.gxine
ln -s $GLOBALGXINE config
fi
#########################################
# END GXINE
#########################################

Adobe Acrobat

To complement evince, Adobe Acrobat was installed to provide full PDF support by installing the acroread and mozilla-acroread packages from the Multiverse repositories.

Macromedia Flash

To complete the multimedia setup, Macromedia Flash can be installed by installing the flashplugin-nonfree package from the Mulitverse Repository. An issue related to the installation of the flash plugin is the lack of multiple user sound support. On a single-user system, creating a symlink to the esd library in the right location can fix the issue. Multiple user systems (and it seems newer versions of esd on single-user machines) use a multiple esd socket file system. When a user logs on, a new socket is created under /tmp/.esd for the user. The Macromedia Flash plugin has the /tmp/.esd/socket file location hardcoded and a workaround is not possible at present. In short, Macromedia Flash sound is not possible in a multiple user environment.

GNOME Menu

Although the GNOME menu system has improved greatly in 2.12, there still is a lack of a tool for editing the GNOME menu on a system-wide basis. GNOME menu configuration, therefore, still needs to be edited on the command line. The GNOME menu consists of a collection of desktop files in the /usr/share/applications directory. Inside each file is a Categories line which determines where the menu entry exists. A small number of system tool desktop files exist in /usr/share/control-center-2.0/capplets. The first step in "trimming the fat" from the GNOME menu is to create a disabledapps directory under /usr/share/applications:

ncampbell@naaman:~$ sudo mkdir /usr/share/applications/disabledapps

Next, determine which apps stay and which apps go. The current Applications menu configuration (after removing unwanted apps) is:

• Accessories
  • Archive Manager
  • Calculator
  • Character Map
  • File Browser
  • Terminal
  • Text Editor
• Company Name
  • Sydney Production
  • Oodnadatta Production
  • Yackandandah Production
  • Mullumbimby Production
• Graphics
  • Document Viewer*
  • GIMP Image Editor
  • gThumb Image Viewer
  • Image Viewer
• Internet
  • Evolution Mail
  • Firefox Web Browser
  • Terminal Server Client
• Office
  • (no changes)
• Sound & Video
  • gxine

~-* Document Viewer was enabled - more later-~ The process of removing the unwanted entries consisted of moving the desktop files into /usr/share/applications/disabledapps then adding the "NoDisplay=true" line to each file. Below is a listing of the apps that currently exist in the disabledapps directory:

ncampbell@naaman:~$ ls -1 /usr/share/applications/disabledapps
blackjack.desktop
bug-buddy.desktop
disks.desktop
freecell.desktop
gaim.desktop
gataxx.desktop
gconf-editor.desktop
gdmflexiserver.desktop
gdmflexiserver-xnest.desktop
gdmsetup.desktop
gfloppy.desktop
gksu.desktop
gksuexec.desktop
glines.desktop
gnect.desktop
gnibbles.desktop
gnobots2.desktop
gnome-app-install.desktop
gnome-btdownload.desktop
gnome-cd.desktop
gnome-cups-manager.desktop
gnome-dictionary.desktop
gnomemeeting.desktop
gnome-nettool.desktop
gnome-screensaver-properties.desktop
gnome-sound-recorder.desktop
gnome-stones.desktop
gnome-system-log.desktop
gnome-system-monitor.desktop
gnometris.desktop
gnome-volume-control.desktop
gnome-volume-properties.desktop
gnomine.desktop
gnotravex.desktop
gnotski.desktop
gpilotd-control-applet.desktop
gstreamer-properties.desktop
gtali.desktop
hal-device-manager.desktop
hwdb.desktop
iagno.desktop
language-selector.desktop
mahjongg.desktop
network.desktop
reclevel.desktop
rhythmbox.desktop
same-gnome.desktop
serpentine.desktop
services.desktop
shares.desktop
smeg.desktop
smeg-kde.desktop
sol.desktop
sound-juicer.desktop
synaptic.desktop
synaptic-kde.desktop
time.desktop
totem.desktop
update-manager.desktop
users.desktop
vumeter.desktop
xchat.desktop
xsane.desktop

Attached is a copy of this listing, however it does not contain the entries that usually reside under /usr/share/control-center-2.0/capplets - https://help.ubuntu.com/community/CorporateUbuntu?action=AttachFile&do=get&target=disabledapps. Save the disabledapps file and execute the following:

ncampbell@naaman:~$ sudo mv /usr/share/control-center-2.0/capplets/* /usr/share/applications/disabledapps/.
ncampbell@naaman:~$ for i in `cat disabledapps`; do sudo mv /usr/share/applications/$i /usr/share/applications/disabledapps/.; done
ncampbell@naaman:~$ sudo sed -i -e '/NoDisplay/d' /usr/share/applications/disabledapps/*
ncampbell@naaman:~$ for i in `ls -1 /usr/share/applications/disabledapps`; do echo "NoDisplay=true" | sudo tee -a /usr/share/applications/disabledapps/$i; done

The final step in the GNOME menu configuration is enabling hidden items, such as the Document Viewer (evince) entry. Enabling an item is performed by changing the NoDisplay line to equal false:

ncampbell@naaman:~$ sudo sed -i -e 's/NoDisplay\=false/NoDisplay=true/g' /usr/share/applications/evince.desktop

A suggested method for administrators to regain access to some of the removed apps is to run smeg on the command-line and add the desired apps to the current user only.

Time/Date

The default configuration for ntpdate is to synchronise the system time with ntp.ubuntulinux.org when starting up. Problems arise when this is attempted inside a proxied/firewalled network. A workaround to this issue is to point NTP clients to internal NTP servers which update from external NTP servers. To change what server an Ubuntu machine points to, change /etc/default/ntpdate:

ncampbell@naaman:~$ sudo vi /etc/default/ntpdate
NTPSERVERS="server.companyname.com.au"

Remote Desktop

A large advantage over the current CDE environment is the ability to remotely control a user's desktop using VNC. A problem arises, however, when trying to locate which user has which VNC desktop. When a user runs System -> Preferences -> Remote Desktop a link is displayed showing how to connect to the user's display. This display always appears to be display 0 and not the user's real display. The vineyard script, https://help.ubuntu.com/community/vineyard, can be installed into the ?action=AttachFile&do=get&target=usr%2Fshare%2Fcompany directory to match users with their displays. Placing the script in another directory other than /usr/bin prevents a conflict occuring with another similarly named package.

ncampbell@naaman:~$ sudo mv vineyard /usr/share/company/.
ncampbell@naaman:~$ sudo chmod 755 /usr/share/company/vineyard
ncampbell@naaman:~$ sudo /usr/share/company/vineyard
===================
REMOTE DESKTOPS
===================
=============================
| username | display number |
=============================
| pcuser1 |             00 |
| pcuser2 |             01 |
=============================

The desired desktop then can be connected to using the Terminal Server Client by entering the address as hostname:"display number" - example: naaman:01.

UbuntuOnSunRay Compatibility Issues

• perform the CorporateUbuntu steps prior to the UbuntuOnSunRay steps
• problems may arise if the ssh and dhcpd3 packages are installed after setting up LDAP authentication
  • as a workaround, install the packages prior to setting up LDAP authentication
• combine the /usr/bin/gnome-session-wrapper and /usr/bin/gnome-session-sunray scripts as /usr/bin/gnome-session-wrapper
  • essentially, these scripts perform the same function

Credits

• Created: 2005-11-17 01:40:19 by NaamanCampbell
  
• Updated: DateTime by NaamanCampbell
  
• Contributors: NaamanCampbell
  

UbuntuOnSunRay Compatibility Issues

• perform the CorporateUbuntu steps prior to the UbuntuOnSunRay steps
• problems may arise if the ssh and dhcpd3 packages are installed after setting up LDAP authentication
  • as a workaround, install the packages prior to setting up LDAP authentication
• combine the /usr/bin/gnome-session-wrapper and /usr/bin/gnome-session-sunray scripts as /usr/bin/gnome-session-wrapper
  • essentially, these scripts perform the same function

Credits

• Created: 2005-11-17 01:40:19 by NaamanCampbell
  
• Updated: DateTime by NaamanCampbell
  
• Contributors: NaamanCampbell