The Perfect Server - Ubuntu Karmic Koala (Ubuntu 9.10) [ISPConfig 2] - Page 4

11 Install Some Software

Now we install a few packages that are needed later on. Run

aptitude install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

(This command must go into one line!)


12 Journaled Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

aptitude install quota

Edit /etc/fstab. Mine looks like this (I added ,usrjquota=aquota.user,,jqfmt=vfsv0 to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/mapper/server1-root /               ext4    errors=remount-ro,usrjquota=aquota.user,,jqfmt=vfsv0 0       1
# /boot was on /dev/sda5 during installation
UUID=9ea34148-31b7-4d5c-baee-c2e2022562ea /boot           ext2    defaults        0       2
/dev/mapper/server1-swap_1 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /aquota.user /
chmod 600 /aquota.*
mount -o remount /

quotacheck -avugm
quotaon -avug


13 DNS Server


aptitude install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

# run resolvconf?

# startup options for the server
OPTIONS="-u bind -t /var/lib/named"

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to create the file /etc/rsyslog.d/bind-chroot.conf...

vi /etc/rsyslog.d/bind-chroot.conf

... and add the following line so that we can still get important messages logged to the system logs:

$AddUnixListenSocket /var/lib/named/dev/log

Restart the logging daemon:

/etc/init.d/rsyslog restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start


14 MySQL

In order to install MySQL, we run

aptitude install mysql-server mysql-client libmysqlclient15-dev

You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as, so we don't have to specify a MySQL root password manually later on:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

vi /etc/mysql/my.cnf

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           =

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:/etc# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      4145/mysqld

Share this page:

15 Comment(s)

Add comment


From: the_guv at: 2009-11-25 14:35:44
From: QSC at: 2009-12-24 00:38:20

I couldn't agree more. The latest release of Ubuntu (9.10) has been a tremendous disappointment, haven't spent this much time fixing a distro since Gentoo or CRUX. 

From: the_guv at: 2009-11-18 18:50:36

cos for an Ubuntu server edition, never install anything other than a LTS edition ..

.. so the best choice of Ubuntu server to date would be Hardy Heron 8.04.

Just my tuppency ha'penny :)

(Oh, and Nginx is way more perfect than Apache for most of us too)

From: Anonymous at: 2009-11-08 16:35:38

Karmic Koala aka 9.10 is worst ever release of UBUNTU ever.

Every package has some problem or the other.  Ridiculous!  The users (first adopters) are serving as the unit testers.

Bugs are crawling all over the place.

From: anatoly pugachev at: 2010-01-18 14:43:47

Well, I suggest not to use ubuntu on servers, and my point of view is explained on my kerneltrap note , really better to use Centos or Fedora.

From: ree at: 2009-12-30 13:35:53


Jamie S. is right. Do not do it. And one thing more: I prefer 8.x LTS over 9.10


From: Anonymous at: 2010-03-09 18:51:40

You did everything, byut you should really explain on how to install and configure IspConfig...

All that you did is that you linked to their official documentation, and their official documentation is linking bacck to this tutorial and now I am lost... I did everything but i cannot install ispconfig... since there isn't a documentation on how to do it... 

From: Jamie Strandboge at: 2009-12-28 15:43:35

I noticed that this tutorial recommends to disable all of AppArmor. Unless you have a very specific need to do so, this is not recommended. The apparmor profiles shipped in Ubuntu are designed to work with the default installation. If a particular profile is causing you trouble, please disable the profile or put it in complain mode, and leave the other profiles that are not causing problems to do their jobs. Better yet, file a bug. :) See my blog entry at for details.

From: Vladimir Stanojevic at: 2010-02-25 11:57:42

Out of words of praise for the author!!!

From: at: 2010-04-28 13:39:51


Disable AppArmor framework

Systems should not generally need to have AppArmor disabled entirely. It is highly recommended that users leave AppArmor enabled and put the problematic profile into complain mode (see above), then file a bug using the procedures found in If AppArmor must be disabled (eg to use SELinux instead), users can:

sudo invoke-rc.d apparmor kill
sudo update-rc.d -f apparmor remove

On Ubuntu 8.04 (Hardy), Ubuntu 8.10 (Intrepid) and Ubuntu 9.04 (Jaunty):

sudo invoke-rc.d apparmor stop
sudo update-rc.d -f apparmor remove

Using kill with Ubuntu 8.10 or later gives the following error:

Killing AppArmor module - failed, AppArmor is builtin: Failed.

On Ubuntu 9.10 and later, you can either:

  • adjust your kernel boot command line (see /boot/grub/menul.lst for Grub or /boot/grub/grub.cfg for Grub 2) to include either

  • * 'apparmor=0'
  • * 'security=XXX' where XXX can be "" to disable AppArmor or an alternative LSM name, eg. 'security="selinux"'

  • remove the apparmor package with your package manager. Do not 'purge' apparmor if you think you might want to reenable AppArmor at a later date

From: at: 2009-12-08 07:17:34


I found out after chrooting the bind9, the status cannot be checked.


root@ns1:/etc/bind# /etc/init.d/bind9 status
 * could not access PID file for bind9

i resolved this by editing the /etc/init.d/bind9

i changed #PIDFILE=/var/run/named/ to

Where your pid file is, you may find by doing : find / -name

When found, it will show you the exact path. (To find it, bind must be running)

Good luck.

From: yuqi at: 2010-08-26 03:09:02

root@server:/etc/bind# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9                                                                                                                                         rndc: connect failed: connection refused
[: 131: 2652: unexpected operator
                                                                                                                                                                          [ OK ]
 * Starting domain name service... bind9                                                                                                                                  [ OK ]
root@server:/etc/bind# /etc/init.d/bind9 status
 * bind9 is running

how i fix it


From: Dwain Blazej at: 2010-01-20 02:49:49

If you're getting this error:

 rndc: connect failed: connection refused

re-run the command:

 chown -R bind:bind /var/lib/named/etc/bind


While editing the config files, you may have accidentally made the config files unreadable by the "bind" user.

From: Kevin at: 2010-04-01 12:30:32

I have had great success in the past following the perfect server guides for Ubuntu. This time however it has been over a week of going through the steps over and over again with no luck. Maybe it is because I am setting it up on Ubuntu desktop instead of Ubuntu server, I don't know. What I do know now is this:

1. In step 10 after disabling Apparmor you need to edit the file /etc/apparmor/initramfs or it will keep trying to start up Apparmor. Comment out these lines:

set -e

. /etc/apparmor/functions

mount -n -t securityfs none "${SECURITYFS}"


2. In step 12 when installing Journaled Quota It kept giving me this error:

quotacheck: Scanning /dev/??? [/] quotacheck: lstat Cannot stat `//home/?????/.gvfs': Permission denied
Guess you'd better run fsck first !

It made it so I could not install quota properly which meant ispconfig also wouldnt install. If I rebooted I was in a world of hurt. Answer was not easy to find either cause others in the forum just ignored it like it was silly or something. Thank goodness for Melask:

Just log off from your graphical environment and switch to e.g. tty1 window with the ctrl+alt+F1 keys. Run all the commands there (after u login ofc) and u are ok.

Switch back to kde/gnome with ctrl+alt+F7


3. If you want to use Apparmor you will probably have troubles with Bind9. The fix for that is here:


Now because of this great guide and a couple of fixes here and there I am running this perfect server on an Acer laptop with Ubuntu Netbook Remix.....don't laugh....i have to find something to do.

From: Christian at: 2009-11-24 09:41:59

please, don't suggest ntpdate... upstream developers are making it obsolete. :)