The Perfect Server - Ubuntu Karmic Koala (Ubuntu 9.10) [ISPConfig 2] - Page 4

11 Install Some Software

Now we install a few packages that are needed later on. Run

aptitude install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

(This command must go into one line!)


12 Journaled Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

aptitude install quota

Edit /etc/fstab. Mine looks like this (I added ,usrjquota=aquota.user,,jqfmt=vfsv0 to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/mapper/server1-root /               ext4    errors=remount-ro,usrjquota=aquota.user,,jqfmt=vfsv0 0       1
# /boot was on /dev/sda5 during installation
UUID=9ea34148-31b7-4d5c-baee-c2e2022562ea /boot           ext2    defaults        0       2
/dev/mapper/server1-swap_1 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /aquota.user /
chmod 600 /aquota.*
mount -o remount /

quotacheck -avugm
quotaon -avug


13 DNS Server


aptitude install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

# run resolvconf?

# startup options for the server
OPTIONS="-u bind -t /var/lib/named"

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to create the file /etc/rsyslog.d/bind-chroot.conf...

vi /etc/rsyslog.d/bind-chroot.conf

... and add the following line so that we can still get important messages logged to the system logs:

$AddUnixListenSocket /var/lib/named/dev/log

Restart the logging daemon:

/etc/init.d/rsyslog restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start


14 MySQL

In order to install MySQL, we run

aptitude install mysql-server mysql-client libmysqlclient15-dev

You will be asked to provide a password for the MySQL root user - this password is valid for the user [email protected] as well as [email protected], so we don't have to specify a MySQL root password manually later on:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

vi /etc/mysql/my.cnf

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           =

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

[email protected]:/etc# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      4145/mysqld
[email protected]:/etc#

Falko Timme

About Falko Timme

Falko Timme is an experienced Linux administrator and founder of Timme Hosting, a leading nginx business hosting company in Germany. He is one of the most active authors on HowtoForge since 2005 and one of the core developers of ISPConfig since 2000. He has also contributed to the O'Reilly book "Linux System Administration".

Share this page:

Suggested articles

4 Comment(s)

Add comment




I found out after chrooting the bind9, the status cannot be checked.


[email protected]:/etc/bind# /etc/init.d/bind9 status
 * could not access PID file for bind9

i resolved this by editing the /etc/init.d/bind9

i changed #PIDFILE=/var/run/named/ to

Where your pid file is, you may find by doing : find / -name

When found, it will show you the exact path. (To find it, bind must be running)

Good luck.

By: yuqi

[email protected]:/etc/bind# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9                                                                                                                                         rndc: connect failed: connection refused
[: 131: 2652: unexpected operator
                                                                                                                                                                          [ OK ]
 * Starting domain name service... bind9                                                                                                                                  [ OK ]
[email protected]:/etc/bind#
[email protected]:/etc/bind# /etc/init.d/bind9 status
 * bind9 is running
[email protected]:/etc/bind#

how i fix it


By: Dwain Blazej

If you're getting this error:

 rndc: connect failed: connection refused

re-run the command:

 chown -R bind:bind /var/lib/named/etc/bind


While editing the config files, you may have accidentally made the config files unreadable by the "bind" user.

By: Kevin

I have had great success in the past following the perfect server guides for Ubuntu. This time however it has been over a week of going through the steps over and over again with no luck. Maybe it is because I am setting it up on Ubuntu desktop instead of Ubuntu server, I don't know. What I do know now is this:

1. In step 10 after disabling Apparmor you need to edit the file /etc/apparmor/initramfs or it will keep trying to start up Apparmor. Comment out these lines:

set -e

. /etc/apparmor/functions

mount -n -t securityfs none "${SECURITYFS}"


2. In step 12 when installing Journaled Quota It kept giving me this error:

quotacheck: Scanning /dev/??? [/] quotacheck: lstat Cannot stat `//home/?????/.gvfs': Permission denied
Guess you'd better run fsck first !

It made it so I could not install quota properly which meant ispconfig also wouldnt install. If I rebooted I was in a world of hurt. Answer was not easy to find either cause others in the forum just ignored it like it was silly or something. Thank goodness for Melask:

Just log off from your graphical environment and switch to e.g. tty1 window with the ctrl+alt+F1 keys. Run all the commands there (after u login ofc) and u are ok.

Switch back to kde/gnome with ctrl+alt+F7


3. If you want to use Apparmor you will probably have troubles with Bind9. The fix for that is here:


Now because of this great guide and a couple of fixes here and there I am running this perfect server on an Acer laptop with Ubuntu Netbook Remix.....don't laugh....i have to find something to do.