Linux Mint

[6 March 2026] Robert Morss, Sanford Maine, bmorss@springvalelibrary.org
Background: Linux user since 1998; started at Goodall Library (Sanford, Maine) in 2005 as IT and network support specialist (retired April 2025); since November 2025 employed at Springvale (Maine) Library as circulation assistant.

See also: Alpine Linux for OPACs | Barcode generator for Maine libraries

Providing each library patron computer user with a clean desktop is a priority. We do not want to see leftover files and/or website logins when starting a new session. To accomplish this on Windows OS requires a commercial (paid) state manager such as Deep Freeze or Reboot Restore Pro - and is even more problematic in Windows 11 because setup no longer allows installation by a local user (i.e. a Microsoft login is required).

An alternative is to install a Linux distribution for this use case because it is free, runs on older hardware, and is immune to Windows viruses and malware. Linux is a complete solution, including a Windows XP-like desktop and full range of free software (web browser and office suite). No paid license is required. No anti-virus software is needed because Linux-targeted infections are extremely rare, but even if it occurs, a public computer can easily be recreated by repeating the following process.

The method described here creates clean sessions for patron PACs that are reset on session logout. This method has been developed because newer versions of Debian-based Linux distributions have disabled the Guest Session that was part of the lightdm greeter application.

Linux Mint Debian Edition is recommended because it is based on Debian Linux - one of the oldest Linux distributions still actively developed, renowned for security and stability. It is the basis for several other distribution, most notably, Ubuntu. One key feature in Linux Mint is its use of the LightDM greeter/login manager- required for the following procedure.

LMDE default browser is Firefox; office suite is LibreOffice.

The username created during installation will be the admin user of the operating system.

After installation, reboot and login as the admin user.

Immediately after installation open the terminal application and run system update:

sudo apt update
sudo apt upgrade -y
sudo reboot

Check default paper size by opening this file: sudo nano /etc/papersize
The file contains a single line - it should say letter (not a4). Edit if necessary, save the file (Ctrl-O), and close the nano editor (Ctrl-X). [Tech Note: This seems to be a bug during installation where locale setting of US does not carry over to this file. If left unchanged LibreOffice will default to A4 paper and fail to print on U.S. printers using Letter-sized paper. If the file does not exist, programs are supposed to default to letter as a fallback.]

Set desktop defaults:

• install multimedia codecs
• install language packs
• disable system sounds

Remove applications that will not be needed, such as thunderbird, hexchat, webapps, hypnotix, online accounts.

The power of rsync

The first step is to create a script (text file) that will be invoked at every session logout or shutdown. Login as the admin user; open the terminal application; enter the following command:

Type in the contents of file:

#!/bin/bash

rsync -a --delete --chown=patron:patron /home/template/ /home/patron/

# Entire contents of /home/template/ overwrites /home/patron/
# Trailing slashes are required, otherwise rsync will copy foo to bar/foo/ rather than overwriting bar/ itself.
#   -a is 'archive mode', which copies faithfully files in foo/ to bar/
#   --delete removes extra files not in foo/ from bar/ as well, ensuring bar/ ends up identical
#   --chown changes file owner/group as specified

Save file (Ctrl-O) and Exit (Ctrl-X)

Make it executable: sudo chmod +x /etc/lightdm/ldm_session_cleanup.sh

Now open lightdm.conf for editing: sudo nano /etc/lightdm/lightdm.conf

In the section labeled [Seat:*] un-comment the line for session-cleanup-script and change it to:

session-cleanup-script=/etc/lightdm/ldm_session_cleanup.sh

Save the file (Ctrl-O) exit the editor (Crtl-X) and reboot the computer.

Notes:
a) session_cleanup_script runs as root after ANY user logout.
b) Link to rsync options explanation

We want to alert the user that the session is temporary. Everything done during the session will be erased on logout. If a file is created or downloaded during the session it will be gone as soon as logout occurs. We use the zenity utility for this purpose.

Having re-booted the computer after the previous step, login now as Template and open the Terminal (command line) utility.

Create folder: mkdir bin

Create a text file: nano /bin/session_wipe_alert.sh

Type in the contents of file:

#!/bin/bash

zenity --info \ 
       --text="All data created during this session will be deleted when you log out, and settings will be reset to defaults.\n\nBe sure to save your work to a thumb drive before logging out." \
       --title="Session Privacy Alert"

# zenity is a utility for displaying dialog boxes in a GUI desktop.
# --info shows a GUI notification box 
# --question shows GUI dialog box, returns 0 for "Yes", 1 for "No", 5 for timeout

Save file (Ctrl-O) and Exit (Ctrl-X)

Make it executable: chmod +x /bin/session_wipe_alert.sh

Tech Note: session_wipe_alert.sh resides in the bin folder because bin is part of the $PATH environmental variable. This allows the script to be referenced by name only in the next step (the full path is not used).

Still logged in as Template, open Menu > Preferences > Startup Applications and at the bottom of the table that appears click the plus sign [+], select Custom Command and enter these parameters:

Name: Privacy Alert
Command: session_wipe_alert.sh
Comment: Advise patron to save files before logout.
Delay: 0

Logout as Template

Verify setup by logging in again as Template user. You should immediately see the "Privacy Alert" popup box. If not, review the above steps.

While still logged in as Template, make all of the changes necessary to establish the clean desktop that you want to provide at each Patron login. The Template account (/home/template) will overwrite the Patron account (/home/patron) on every logout, shutdown, or restart through invocation of the rsync command in the ldm_session_cleanup.sh script created above.

Some examples of things you may want to do:

• Login to your library WIFI (if applicable).
• set desktop background, icons, taskbar shortcuts
• default printer setup (color/BW, double/single-sided
• delete file manager bookmarks not needed by Patron user
• disable screen blanking (sleep mode)
• turn off screensaver
• Install another web browser if you don't want to use Firefox.
• Web browser: enable "Always use Private/Incognito mode" in History settings
• Web browser: set homepage and any bookmarks you want to display on the browser toolbar.

Set everything up in template as it should be appear to the patron user on every session login.

When you log out of ANY user session on the computer, all home/patron files will be completely overwritten by the contents of home/template. Tech Note: If the destination file has the same size and timestamp as the source file, rsync will leave it unchanged. Files downloaded or created by the Patron user will be removed. Any changes to the Desktop made by a Patron will be restored to Template defaults.

Log in as Template when you wish to customize what the patron will see. Remember - any changes made in the Template account will be copied to Patron on every patron login. Do not do anything as Template user that you don't want patrons to see when they login.

Log in as admin to perform operating system + software updates.

Library guests should log in ONLY as Patron - any changes made during these sessions will be wiped on logout.

Having installed and configured one patron computer, the easiest way replicate the system on other computers is by cloning the first. This will require changing the hostname of each computer after it is cloned. An example of a disk cloning device is the WAVLINK WL-ST334U.

To find out your computer's network name, run either hostname or hostnamectl in a terminal. The latter gives you a bit more info.

To change a hostname run: hostnamectl set-hostname newname

Then verify it has changed by using one of the first commands again.

Linux requires regular routine admin oversight. Updates are NOT automatic. The reason to escape from MS Windows is to put control back in YOUR hands. Every four to six weeks the OS and installed software on each Linux Mint computer should be updated manually.

1. Log out of Patron account and switch to admin user.

2. Open the Terminal emulator and run these commands:

sudo apt update
sudo apt upgrade -y
sudo reboot

Update Note: Alternate method is to run the Software Updater utility in the system tray (on the taskbar, by the clock).

3. Login to the Template account and start the Firefox browser to dispense with a possible What's new in Firefox screens. You may have to do the same in Libreoffice. These "what's new" popup annoyances are baked in to some programs and can only be dismissed the first time you open them after an update.

4. Logout of Template and then login as Patron.