The Perfect Server - Ubuntu Intrepid Ibex (Ubuntu 8.10) - Page 4

11 Install Some Software

Now we install a few packages that are needed later on. Run

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

(This command must go into one line!)


12 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

apt-get install quota

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/sda1
UUID=ef38977b-0f39-4201-a4c3-2eed8fce0b6c /               ext3    relatime,errors=remount-ro,usrquota,grpquota 0       1
# /dev/sda5
UUID=c4ecae0e-77b7-4b3b-b16f-303bb32a761d none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /quota.user /
chmod 600 /quota.*
mount -o remount /

quotacheck -avugm
quotaon -avug


13 DNS Server


apt-get install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

# run resolvconf?
# startup options for the server
OPTIONS="-u bind -t /var/lib/named"

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

vi /etc/default/syslogd

# Top configuration file for syslogd
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
# For remote UDP logging use SYSLOGD="-r"
SYSLOGD="-a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start


14 MySQL

In order to install MySQL, we run

apt-get install mysql-server mysql-client libmysqlclient15-dev

You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as, so we don't have to specify a MySQL root password manually later on (as was the case with previous Ubuntu versions):

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

vi /etc/mysql/my.cnf

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           =

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      6724/mysqld

Share this page:

38 Comment(s)

Add comment


From: Anonymous at: 2008-11-01 19:05:25

oops… posted comment to the wrong tutorial. a reboot after the upgrade and reconfiguring/rerunning the console setup worked fine. no problems so far…

From: Anonymous at: 2008-10-31 15:38:17

following these details got me stuck at the following:

Setting up console-setup (1.25ubuntu3) ...

Installing new version of config file /etc/init.d/keyboard-setup ...

Installing new version of config file /etc/init.d/console-setup ...

 * Setting up console font and keymap...


 is there a clear way to cleanly complete the upgrade?

From: Anonymous at: 2008-11-07 19:39:00

Thanks for a great tutorial.

I have a few comments. I think a note saying something to the effect of "you *must* install /all/ these programs if you want to use ISPConfig" would be a useful addition to the tutorial.

I tried leaving out Quota and ProFTPd (as I don't need them) and ISPConfig barfed when I tried to install it the first time. "ISPConfig runs on it out of the box" I respectfully disagree. To illustrate my point, I list here my failed installation attempts and the reasons for failure. Remember, this is on a box which has just completed the above tutorial. Hopefully those who didn't fall for these mistakes will get a chuckle out of them.

Try #1: The Ubuntu devs (in their infinite wisdom) have changed the /bin/sh link from /bin/bash to /bin/dash, thus completely breaking ISPConfig's setup. That's an easy problem to solve (see the link I post in #5).

Try #2: The setup script erroneously thinks I'm running Debian. This leads to a problem in line 76 of "setup2", whose fix is here.

Try #3: Line 821 of install.php doesn't like the database I've prepared in MySQL specially for it. Apparently, this database must NOT exist before installing. Also, I find the installer has deleted the install directory, which means I can't make a change and restart the install. I delete the database and start again.

Try #4: Line 821 of install.php doesn't like the user I prepared for it either. According to a post buried somewhere in the forum, you must use a MySQL root user to install the database.

Try #5: This one almost worked, but for some reason ISPConfig didn't save *any* of the settings I entered during install.

Try #6: I have high hopes for this one. The generated SSL certificate is corrupt if Firefox and Opera are to be believed. Both refuse to connect to ISPConfig. But I think this can be fixed post-install using these instructions. Thanks to David Yin for posting them. It's a good thing I'm patient, since each install attempt takes the better part of an hour on this slow server. But I think my point is made - ISPConfig does NOT install out of the box on Ubuntu 8.10 Server.

From: admin at: 2008-11-07 21:55:45

I really don't understand your point. All you have to do is follow the tutorial and install ISPConfig - nothing else. Nowhere is it said that you need to create a database or a database user for ISPConfig. I also don't understand your other points. I've completed this setup so many times and *never* had any problems installing ISPConfig.

From: Anonymous at: 2008-11-07 23:52:42

Yeah, I was half expecting that reaction. I'm not having a go or anything. Apologies if I gave that impression.

I was trying to give some constructive criticism on the article, but halfway through it sort of turned into a newbie guide for what to do when ISPConfig fails to install on Intrepid. Apologies again for being offtopic. I just didn't want to say "hey, you said this, you were wrong" without backing it up.

Agreed that I got a little bit creative with the database, but being a security-conscious server administrator I thought that rather than let ISPConfig take complete control of MySQL I would handle it myself. That is, give it a limited user rather than root access. I guess I need to let ISPConfig install and then tighten the screws.

I'll try again. :) My two points are:

1. I think the article would be improved by a sentence saying "you must install all these programs for ISPConfig to work, you may NOT leave any of them out".

2. I think you're wrong when you say "ISPConfig runs on it out of the box".

From: at: 2008-11-18 22:05:11

The server install process went without snag, however the ISPConfig had a snag trying to install.

"Flex" was missing.  So I installed it, and ISPConfig installed, but I was unable to get it to work - it deleted after reboot?

I'm going through the setup process again on another fresh machine, and think this will work out fine.

- Geoff


From: mind at: 2008-11-26 18:44:07

./setup script gives some errors then building extensions

checking for MySQL support... yes
checking for specified location of the MySQL UNIX socket... no
checking for MySQL UNIX socket location... no
configure: error: Cannot find MySQL header files under /usr.
Note that the MySQL client library is not bundled anymore!
ERROR: Could not configure PHP
cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
mv: cannot stat `binaries/aps.tar.gz': No such file or directory
mv: cannot stat `binaries/spamassassin.tar.gz': No such file or directory
mv: cannot stat `binaries/uudeview.tar.gz': No such file or directory
mv: cannot stat `binaries/clamav.tar.gz': No such file or directory
mv: cannot stat `binaries/cronolog': No such file or directory
mv: cannot stat `binaries/cronosplit': No such file or directory
mv: cannot stat `binaries/ispconfig_tcpserver': No such file or directory
mv: cannot stat `binaries/zip': No such file or directory
mv: cannot stat `binaries/unzip': No such file or directory
tar: spamassassin.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `spamassassin': No such file or directory
tar: uudeview.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `uudeview': No such file or directory
tar: clamav.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `clamav': No such file or directory
tar: aps.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `ispconfig_tmp': No such file or directory
cp: cannot stat `': No such file or directory
All prerequisites are fulfilled.
Here we go...
chmod: cannot access `./install.php': No such file or directory
Please enter your MySQL server:Please enter your MySQL server:^C

From: at: 2009-01-29 04:37:38

I'm not "having a go" either, and I can honestly say that so far, NOTHING having to do with getting ISPConfig running has worked, out-of-the-box or otherwise.  I guess that as comments have been made, the tutorials have either been updated, and/or the distribution configuration, because many of the warnings about making some change seem to already be made for me, but I still check.

Specifically, I have a T-1 connection with a block of 32 static IP addresses and have created all of the proper entries for my external DNS hosting to point my domain I wish to host to one of my IP addresses.  Done long ago, DNS has propagated, the address resolves fine from anywhere on the 'net with a simple ping to my domain name.

I have a small computer system running a dual-core Intel x86 CPU, 1 Gb of RAM, and a new 120 Gb hd, with a temporarily connected DVD-ROM drive for the purpose of getting this machine running, since it will become a headless server.

During the install, I chose not to let it detect my keyboard (the 2nd attempt and thereafter), because I can manually choose it faster than the setup can detect it, and noticed no errors due to an improperly chosen keyboard, but still, even though I went through this How-To literally to the letter, I haven't yet been able to even see a log-in page in any web browser for ISPConfig on any computer or with any browser I can try it with so far, which includes IE, Firefox, Seamonkey, and Lynx.

I usually have made it through the "Perfect Server" installation and setup with no visible wounds, but have no idea why I am so far completely unable to get ISPConfig to install to any level of functionality.  All of their web help for this points back to this How-to, or to their mostly incomplete Wiki, the forum, where I've yet to find anyone posting about similar problems, or their install guide, which takes me full circle...

Regardless of the author's experiences, I beg to differ in that I can certainly vouch for the fact that this most certainly isn't working "out of the box", and I'm about to wipe and reload from a clean install (for the 8th time).

Sadly enough, at some point soon, my employer will be forcing me to produce results, which may mean buying another license/copy of some flavor of Microsloft server, and setting up IIS, since they know I can get a website up with that combination...

To the author--I believe that you are and have successfully running this, but I just can't figure out the missing links/steps that have fallen below your radar, so they didn't get explicitly listed here and those with sufficient experience don't stumble over those most obvious barriers, but those of us so far down in knowlege are finding them impassable walls.

I will keep trying, but by no later than Monday, I have to have some visible signs of success that my upper management will both recognize and be happy with.  No excuses. 

From: bosaka at: 2009-01-26 13:00:31 is this what you plan to name your website?

From: at: 2008-12-09 05:01:36

If you want to use Putty to complete the setup remotely as specified in step 5 on page 3,  you should use a password that has no capital letters. 

 For some stupid reason, putty will fail even though you are using the correct IP, correct username, and correct password, if the password has any capitals in it.

 If your password does, you can change it at the command prompt with the "passwd" command.

You should do that for both your user account AND the super user if you intend to use "sudo su" over Putty.

*****************************  EDIT  EDIT  EDIT 2009-01-20  ******************

I got PuTTy to work on a brand new install, perhaps it only fails sometimes, perhaps if the first letter of the password is a capital letter.

From: at: 2008-12-09 05:12:46

If you want to use Putty to complete the setup remotely as specified in step 5 on page 3,  you should use a password that has no capital letters. 

 For some stupid reason, putty will fail even though you are using the correct IP, correct username, and correct password, if the password has any capitals in it.

 If your password does, you can change it at the command prompt with the "passwd" command.

You should do that for both your user account AND the super user if you intend to use "sudo su" over Putty.

From: at: 2008-12-13 04:12:56


apt-get dist-upgrade

 to upgrade your kernel too, in step 8 before you


 I was having trouble on my Dell 9200 with 7300LE Nvidia video card.  It would hang on reboot at the very end.  Processes shutdown, but it would not finally turn the power off for the restart.  Restart failed, so I had to physically hold the button down for 10 seconds to cycle the power off & on.  It would happen with another equivalent reboot command,

init 6

, too.

But this bug was fixed in an updated kernel.  To get that updated kernel, use this apt-get dist-upgrade command.

********************** EDIT  EDIT EDIT 2009-01-20 *****************

**********************     MORE INSTRUCTIONS     *******************

I noticed this grub file must be altered, to fix this reboot hang problem on a Dell 9200.

We’ll make a script to edit your /boot/grub/menu.lst file automatically.
Make a folder, and add the path to this new folder to your $PATH environment variable, so that the bash shell of the command line will function on the script you will create inside that folder.

echo $PATH

export PATH=$PATH:/tempscript

echo $PATH

mkdir tempscript

cd /tempscript

Then make a script to edit the grub file.
Start the vi text editor to create the file:

vi alter_menu

then press "i" to enter insert mode:


Cut & paste this script into the file (make sure you're not also pasting the HTML tags of this text too, because you are copying it from the browser):



cat $MENU | while read LINE


   if [[ $LINE =~ ^$ ]]; then

     echo $LINE

   elif [[ $LINE =~ ^[^kernel] ]] || [[ $LINE =~ .*bin$ ]]; then

     echo $LINE

   elif [[ $LINE =~ ^kernel.* ]]; then

     echo $LINE reboot=b



Press [ESC] to exit insert mode of the vi editor, then press


to save the script file and exit the editor.
Now run the script and clean up:

chmod 777 alter_menu

alter_menu > /boot/grub/menu.lst.tmp

mv /boot/grub/menu.lst.tmp /boot/grub/menu.lst

cd ../../../../../../../../..

rm -r /tempscript

It is necessary to reboot manually one more time with the manual power button if your machine suffers from this problem,
So that the server’s grub can boot with these new settings.

From: at: 2008-12-17 23:44:43

Actually, I have not had any difficulty with capitals in passwords using putty. Not sure why it does not seem to work for you.

From: Anonymous at: 2009-01-25 15:34:23

I had to set the DNS server address in /etc/resolv.conf to get the dns to work.

(Running  Ubuntu 8.10 server in VirtualBox under Vista with two netw adapters, the VBox network on secondary host interface, and InternetConnectionSharing turned on in Vista)

From: Anonymousjames at: 2008-11-13 22:07:34

some of the apt-get commands don't work due to the fact that the package names have changed oh and he doesn't explain how he got uuid for the fstab file  from where???  y? cause i need to find my own ????  oh and the nameserver

"The /etc/resolv.conf file could look something like this:


"Rute by Paul Sheer 2002 available online (you have to know your dns server ip addy)

2 stars it will get you there if you work at it  a little confused but hey tutorials go  out of date
linux newbie and IT professional

From: Anonymous at: 2008-12-03 05:21:32

after i restarted the mysql when it disconected then tried to restart it failed, now what do i do?

From: sudopeople at: 2009-04-29 22:23:29

root@puter:/etc/postfix/ssl# /etc/init.d/saslauthd start
etc/default/saslauthd: 50: to: not found
  * Starting SASL Authentication Daemon saslauthd
  * No run directory defined for saslauthd, not starting

Make sure your OPTIONS line reads:

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

I copied and pasted the line from the tutorial which shouldn't have happened:

 OPTIONS="-c -m /var/run/saslauthd" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"


From: at: 2009-03-30 04:35:26

how do I fix this problem No run directory defined for saslauthd, not starting

From: Ben at: 2008-11-02 02:52:49

Just setup my linux box and it all worked great with one minor exception.

My server was not accepting mail for my domain with the following error in the syslog:

"Relay access denied"...

The fix is that in the 'Other destinations to accept mail' setting in the Postfix setup I needed to add my domain, excluding the server name.  Possible my stupidity, but it wasn't clear to me in the write-up. 

It may be more clear to write:

Other destinations to accept mail for (blank for none): <--,,, localhost.localdomain, localhost

 I ended up just adding my domain to the Postfix config file and everything worked.  Edit the following line in /etc/postifx/main.conf :

Change from:

mydestination =,, localhost.localdomain, localhost


mydestination =,,, localhost.localdomain, localhost


Hope this helps...

 PS.  Fantastic Post...

From: Joel barnard at: 2008-11-06 18:59:05

After the setup i was unable to telnet to localhost, i checked the log and found there was a "numerical error", so I opened up the config file (editor /etc/postfix/ and found a period "." in the following spot... (see after the 1)

smtpd_tls_loglevel = 1.

Remove that period, save the file, restart postfix and saslauthd and it should all be fine.

From: Mallegonian at: 2008-12-03 01:19:33

Thanks for the great guide! After installing postfix I couldn't telnet to localhost port 25 - it connected, but no 220 or ehlo response. /var/log/syslog showed "Dec  2 20:11:40 myserver postfix/tlsmgr[5678]: fatal: open database /var/lib/postfix/smtpd_scache.db: Permission denied"

To fix it, I ran, as root,

chown postfix:postfix /var/lib/postfix/smtpd_scache.db; chown postfix:postfix /var/lib/postfix/smtpd_scache.db

I have Ubuntu 8.10 dist-upgraded from 8.04, fully patched as of Dec 2.

From: Sean at: 2008-11-09 16:30:56

It would only take another paragraph or two to setup ProFTPD to use SSL/TLS and be a secure FTP server.  I understand firewall setup would be more complicated, but not sending your shell account passwords over the Internet PLAIN TEXT would be worth a little additional effort.  Might be a worthwhile enhancement to an already excellent guide.  Thanks for the guide!


From: Anonymous at: 2008-11-01 18:42:41

Ok, thank you for your article, but can you tell me:

1. why don't you use the default email server from tasksel or from the ubuntu server guide?

tasksel --task-packages mail-server

Why are you using courier and cyrus-sasl2 instead dovecot?

2.  why you're disable the apparmour and enable root account but you use bind chrooted?

3. why don't you just select lamp server at install and go for the suplimentary needed packages later?

It seems to me that this is not the "perfect ubuntu server", but a platform for ispconfig.

From: admin at: 2008-11-01 23:28:39

1.) It's just a choice I've made. You can use Dovecot as well.

2.) I did not enable the root account. I disabled AppArmor because otherwise BIND doesn't start.

3.) Because I like to have control over what I install. You can as well install the lamp package if you like that better.

As I said in the introduction, there are many ways to skin a cat.

From: admin at: 2008-10-31 15:51:16

Here you go:

I don't want to include this in the tutorial because

a) it would become too long

b) it would lock out the users that have just one hard drive in their servers.

I hope you can understand this.

From: Anonymous at: 2008-10-31 14:45:45

I just have a question, on how can you have a "reliable" server without a form of RAID? You should have the instructions for RAID.


From: Patrick at: 2009-09-01 20:56:21

Just a note:

I had to wrap ServerIdents off in the <global> tag for ProFTP to pick it up. i.e.

ServerIdents off

Also, it takes a long time for users to log into ftp if you don't add the following line:

UseReverseDNS off

From: Rogerio Martinelli at: 2009-04-06 20:07:44

Look at your apache error log.

i resolved with that.

my problem was with logger so:

sudo apt-get install vlogger


all the best



From: sims at: 2008-11-02 23:04:36

I don't think that's the best choice for and FTP server. Might want to give vsftpd a try.

From: garfunkle at: 2008-10-31 16:55:33

Been waiting for a perfect server since beta. I use this in a virtual environment to practise my networking skills and so far it's installed great, done everything except ISP Config. Will be testing the features now.

From: Tyger at: 2008-11-08 22:52:24

Thanks for an excellent tutorial.

From: clabrown at: 2008-11-21 17:57:52

Thanks very much this is really helpful.

 You may need to add a section about corrections to resolv.conf in the networking section, 7 on page 3. This seems to end up with the gateway's ip for the nameserver, and "home" (I think) for the default "domain" and "search" parameters.

 In my case my gateway does not provide dns, and I had to change the domain and search entries to "".

From: Koop at: 2008-11-25 17:24:08


Thanks so much for the killer setup how to's. They literally have taught me everything I know about linux so far.  A great follow up How To would be a how to on how to add functionality to these perfect servers. I want to take this setup, which is running awesome by the way, and add backup, load balancing, and intrusion detection. 

Anyway, awesome so far thanks!


From: mrmikey05 at: 2009-03-21 09:16:19

Hey guys. This tut is really perfect. the only problem I have now is, my apache2 failed after installing ispconfig. how do i go about fixing that?

Please direct me to help.

Thanks again for a great tut.

From: Sem Wong at: 2009-02-05 18:26:37

Hey! Thanks for this awesome howto! Thanks to you I got a fully functioning server.

 I got 1 problem here (nothing wrong with the tutorial, since it all works perfect :))
My ISP (Internet Service Provider) blocks all incoming port 80 requests. I would like to know how I can change the listening port so I can put it at port 88 :).

1 more thing, Which ports do I have to portforward for all the things? ftp is port 21 and the mail server?

thanks in advance,
Sem Wong.

From: Sonic at: 2009-02-28 15:22:48

Al of your settings work like a charm. The only thing that doesn't work, is the installation of Ispconfig.

 When all the settings are in place, and he is restarting all services, the apache2 server "fails".

 When I manually want to start it, it also fails.. Now I'm really stuck with a non working server...


Please help :-/

From: willebanksIII at: 2010-02-19 12:30:43

Howdy all,

I have been cutting and pasting one line at a time within each blue box. Can I just select everything within the whole box? I bet I can but I really don't feel like experimenting and breaking something.

I realize I'm not suppose to ask questions here but I figure a yes or no answer will get the job done!






From: Anonymous at: 2010-03-20 14:43:52

Did not see clamav and freshclam installation in this tutorial