The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server) - Page 4

Submitted by falko on Thu, 2008-04-24 14:09.

11 Install Some Software

Now we install a few packages that are needed later on. Run

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

(This command must be entered on a single line!)

 

12 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

apt-get install quota

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/sda1
UUID=6af53069-0d51-49be-b275-aeaea8d780c5 /               ext3    relatime,errors=remount-ro,usrquota,grpquota 0       1
# /dev/sda5
UUID=d8e1f66c-1442-423e-b442-8ae66eded9d7 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /

quotacheck -avugm
quotaon -avug

 

13 DNS Server

Run

apt-get install bind9

For security reasons we want to run BIND chrooted, so we have to perform the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

vi /etc/default/syslogd

#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start
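
The following script is an added example, not part of the original tutorial. It reads the -u and -t values from the OPTIONS line and checks the chroot tree built above: the directories and their owner, the two device nodes, and the syslog socket. The function names named_opt and audit_chroot are this example's own.

```shell
#!/bin/sh
# Added example: audit the BIND chroot built in the steps above.
# Function names are this example's own; paths are the tutorial's.

# Print the argument that follows FLAG (-u or -t) in the OPTIONS= line of FILE.
named_opt() {
    awk -F'"' -v flag="$2" '/^OPTIONS=/ {
        n = split($2, a, " ")
        for (i = 1; i < n; i++) if (a[i] == flag) { print a[i + 1]; exit }
    }' "$1"
}

# Print one line per problem under chroot ROOT ($1); the chowned trees must
# belong to numeric uid $2. Returns 0 only when nothing is reported.
audit_chroot() {
    root=$1 uid=$2 bad=0
    if [ -z "$root" ]; then
        echo "no -t option: named is not chrooted"; return 1
    fi
    for d in etc/bind var/cache/bind var/run/bind/run; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"; bad=1
        elif [ "$(stat -c %u "$root/$d")" != "$uid" ]; then
            echo "wrong owner: $root/$d"; bad=1
        fi
    done
    # name:major:minor as created with mknod above (stat prints them in hex)
    for spec in null:1:3 random:1:8; do
        node=$root/dev/${spec%%:*}
        if [ ! -c "$node" ]; then
            echo "not a character device: $node"; bad=1
        elif [ "$(stat -c %t:%T "$node")" != "${spec#*:}" ]; then
            echo "wrong device numbers: $node"; bad=1
        fi
    done
    # syslogd -a creates this socket once sysklogd has been restarted
    [ -S "$root/dev/log" ] || { echo "no syslog socket: $root/dev/log"; bad=1; }
    return $bad
}

# On the server, as root: read the chroot and user from the defaults file.
if [ -f /etc/default/bind9 ]; then
    audit_chroot "$(named_opt /etc/default/bind9 -t)" \
        "$(id -u "$(named_opt /etc/default/bind9 -u)")"
fi
```

No output means every check passed; each printed line names the path to fix.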

 

14 MySQL

In order to install MySQL, we run

apt-get install mysql-server mysql-client libmysqlclient15-dev

You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as root@server1.example.com, so we don't have to specify a MySQL root password manually later on (as was the case with previous Ubuntu versions):

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

We want MySQL to listen on all interfaces, not just localhost, so we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      5869/mysqld
root@server1:~#
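
The following script is an added example, not part of the original tutorial. It classifies each mysqld listener in netstat output as bound to all interfaces or to loopback only, and reads the active bind-address from a my.cnf; the function names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: report which addresses mysqld listens on.
# Function names and the sample lines are constructed for this example.

# Reads `netstat -tap` (or -tanp) output on stdin. For each listening mysqld
# socket prints "<pid> <local address> <scope>"; the last netstat column is
# PID/Program name, so the PID differs from one machine to the next.
mysql_listeners() {
    awk '$6 == "LISTEN" && $7 ~ /\/mysqld$/ {
        host = $4; sub(/:[^:]*$/, "", host)     # drop the port
        split($7, p, "/")
        if (host == "*" || host == "0.0.0.0" || host == "::")
            scope = "all-interfaces"
        else if (host == "localhost" || host ~ /^127\./ || host == "::1")
            scope = "loopback-only"
        else
            scope = "single-address"
        print p[1], $4, scope
    }'
}

# Print the active bind-address from the [mysqld] section of a my.cnf.
# Prints nothing when the line is commented out, as in the step above.
mycnf_bind_address() {
    awk '/^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
         in_sec && /^[ \t]*bind-address[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0 }
         END { if (val != "") print val }' "$1"
}

# Constructed sample: the tutorial's netstat line and a loopback-only one.
printf '%s\n' \
  'tcp        0      0 *:mysql                 *:*                     LISTEN      5869/mysqld' \
  'tcp        0      0 localhost:mysql         *:*                     LISTEN      5869/mysqld' |
  mysql_listeners
```

On the server, run it as netstat -tap | mysql_listeners. An all-interfaces result means port 3306 accepts connections on every network the server is attached to, so any restriction has to come from a firewall or from the host part of the MySQL accounts.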


Submitted by Slavi (not registered) on Fri, 2009-04-17 16:39.
I have also added these lines to /etc/my.cnf
Don't add the .... ;)

[client]
....
default-character-set=utf8


[mysqld]
....
default-character-set=utf8
collation-server=utf8_general_ci
character-set-server=utf8
Submitted by dumarjo (registered user) on Tue, 2008-10-21 13:34.

Hi,

Thanks for this great tutorial. I used it and it works well. I had a problem installing the roundcube pkg. If you want to use the roundcube pkg you need to install this:

apt-get install libxml2-dev

If you don't install this, you won't be able to read your mail.

Dumarjo

Submitted by powerthink (registered user) on Mon, 2008-08-04 16:24.

Hi there,

When I run netstat -tap | grep mysql the listen part is 12013 instead of 5869. Does it really matter?

Thanks again for the valuable tutorial.

Submitted by liquid (registered user) on Fri, 2008-04-25 20:46.

These are the complete steps to get chrooted Bind working.

http://ubuntuforums.org/showthread.php?p=4636681

Submitted by admin (registered user) on Sat, 2008-04-26 09:46.
... or simply disable AppArmor, as shown in step 10 of my tutorial.
Submitted by shakey_1 (registered user) on Fri, 2008-04-25 04:44.

In case anyone else has an issue starting bind9, I had to purge apparmor using the following command before it would start successfully.

apt-get purge apparmor

Submitted by yeltneb (registered user) on Sat, 2008-06-14 05:42.

Hello,

 First of all let me say thank you very much to the author of this and other pages related to installing Ubuntu. It is a great deal of service to people like myself who want to get to know linux and who are interested in learning how to manage a server.

 I do have one question, however, as I am stumped. I followed the instructions (verbatim, I strongly believe), and when I come to the step of starting bind, I get an error.  Well, it says "failed". Which specific log would I look into to find out why bind would not start? Sorry, I'm not very familiar with linux, but looking into learning it and using it instead of windows eventually.

 I tried the one poster's recommendation and did the apt-get purge apparmor, and that didn't do anything as far as bind goes - it still fails when I try to start it. I clicked on the other link recommended by another poster, but my file doesn't look anything like the file they recommend changing, and because of that, I do not want to stray too far away from this tutorial since I started out with this in the first place.

 

Any recommendations as to what I can check, or if anyone else ran into this and found a solution other than those posted here?  Thanks in advance,

yeltneb 

Submitted by dell (not registered) on Thu, 2009-09-03 05:05.

Try to fully remove apparmor; it works for me.

# apt-get remove apparmor apparmor-utils

Submitted by Anonymous (not registered) on Sun, 2009-03-22 11:27.

It has been a long time since your question. Did you find a solution to this already?

 Did you follow step 10?

Submitted by dakkon (not registered) on Sat, 2010-07-17 13:58.
I followed the instructions above but I was never prompted for passwords.  What do I need to do to set the passwords?  Did I miss something?