The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server) - Page 4

11 Install Some Software

Now we install a few packages that are needed later on. Run

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

(This command must be entered on a single line!)

 

12 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

apt-get install quota

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/sda1
UUID=6af53069-0d51-49be-b275-aeaea8d780c5 /               ext3    relatime,errors=remount-ro,usrquota,grpquota 0       1
# /dev/sda5
UUID=d8e1f66c-1442-423e-b442-8ae66eded9d7 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /

quotacheck -avugm
quotaon -avug

 

13 DNS Server

Run

apt-get install bind9

For security reasons we want to run BIND chrooted, so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

vi /etc/default/syslogd

#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start
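
The chroot layout built in the steps above can be verified with read-only checks, which helps when BIND refuses to start. The following script is an added example, not part of the original tutorial; the function names are hypothetical, the paths and the user bind are the ones used on this page, and it assumes GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: read-only checks for the chroot built in section 13.
# Paths and the user "bind" come from this page; function names are made up.

# Print the chroot directory given by -t in OPTIONS, but only when the
# daemon is also told to drop privileges to the user "bind" with -u.
bind_chroot_dir() {
    opts=$(sed -n 's/^OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1)
    dir=""; user=""
    set -- $opts
    while [ $# -gt 0 ]; do
        case $1 in
            -t) dir=${2:-} ;;
            -u) user=${2:-} ;;
        esac
        shift
    done
    [ "$user" = bind ] && [ -n "$dir" ] && printf '%s\n' "$dir"
}

# Succeed if $1 is a character device with major $2 and minor $3
# (stat prints both numbers in hex).
is_char_dev() {
    [ -c "$1" ] || return 1
    set -- "$1" "$2" "$3" $(stat -c '%t %T' "$1")
    [ $((0x$4)) -eq "$2" ] && [ $((0x$5)) -eq "$3" ]
}

# Print one line per deviation from the layout created above; print nothing
# when chroot $1 is complete. $2 is the compatibility symlink (/etc/bind).
chroot_problems() {
    for d in etc/bind var/cache/bind var/run/bind/run; do
        if [ ! -d "$1/$d" ]; then
            echo "missing directory: $1/$d"
        elif [ "$(stat -c %U "$1/$d")" != bind ]; then
            echo "not owned by bind: $1/$d"
        fi
    done
    is_char_dev "$1/dev/null" 1 3 || echo "bad device: $1/dev/null"
    is_char_dev "$1/dev/random" 1 8 || echo "bad device: $1/dev/random"
    [ "$(readlink "${2:-/etc/bind}")" = "$1/etc/bind" ] ||
        echo "symlink ${2:-/etc/bind} does not point into the chroot"
}

# Only touch the live system when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    dir=$(bind_chroot_dir /etc/default/bind9) || { echo "no -u bind -t DIR"; exit 1; }
    chroot_problems "$dir"
fi
```

Run it as root with the argument --check; no output means every item created in this chapter is in place.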

 

14 MySQL

In order to install MySQL, we run

apt-get install mysql-server mysql-client libmysqlclient15-dev

You will be asked to provide a password for the MySQL root user - this password is valid for the user [email protected] as well as [email protected], so we don't have to specify a MySQL root password manually later on (as was the case with previous Ubuntu versions):

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

[email protected]:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      5869/mysqld
[email protected]:~#
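
With bind-address commented out, mysqld accepts connections on every interface of the server. The following script is an added example, not part of the original tutorial: it reads the effective setting from the [mysqld] section of my.cnf and lists the non-loopback listeners found in netstat output. The function names are hypothetical, and port 3306 is assumed as MySQL's default port.

```shell
#!/bin/sh
# Added example: report how widely mysqld is reachable after the my.cnf edit.
# Function names are made up; port 3306 is assumed as MySQL's default.

# Print the listening scope configured in the [mysqld] section of my.cnf $1:
# "none" with skip-networking, the bind-address value if one is set, or "*"
# (all interfaces) when the line is missing or commented out.
mysqld_listen_scope() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        /^[ \t]*skip-networking/ { skip = 1 }
        /^[ \t]*bind-address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); addr = $0
        }
        END {
            if (skip) print "none"
            else if (addr == "" || addr == "0.0.0.0") print "*"
            else print addr
        }' "$1"
}

# Read netstat -ta or -tan output on stdin; print the local address of every
# LISTEN socket on port $1 (or service name $2) that is not bound to loopback.
exposed_listeners() {
    awk -v port="$1" -v name="$2" '
        $6 == "LISTEN" {
            n = split($4, p, ":")
            host = substr($4, 1, length($4) - length(p[n]) - 1)
            if (p[n] != port && p[n] != name) next
            if (host != "127.0.0.1" && host != "::1" && host != "localhost")
                print $4
        }'
}

# Only query the live system when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    echo "my.cnf scope: $(mysqld_listen_scope /etc/mysql/my.cnf)"
    netstat -tan | exposed_listeners 3306 mysql
fi
```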

Falko Timme


Comments

By: Slavi

I have also added these lines to /etc/my.cnf
Don't add the .... ;)

[client]
....
default-character-set=utf8


[mysqld]
....
default-character-set=utf8
collation-server=utf8_general_ci
character-set-server=utf8

By:

In case anyone else has an issue starting bind9, I had to purge apparmor using the following command before it would start successfully.

apt-get purge apparmor

By:

Hello,

 First of all let me say thank you very much to the author of this and other pages related to installing Ubuntu. It is a great deal of service to people like myself who want to get to know linux and who are interested in learning how to manage a server.

 I do have one question, however, as I am stumped. I followed the instructions (verbatim, I strongly believe), and when I come to the step of starting bind, I get an error.  Well, it says "failed". Which specific log would I look into to find out why bind would not start? Sorry, I'm not very familiar with linux, but looking into learning it and using it instead of windows eventually.

 I tried the one poster's recommendation and did the apt-get purge apparmor, and that didn't do anything as far as bind goes - it still fails when I try to start it. I clicked on the other link recommended by another poster, but my file doesn't look anything like the file they recommend changing, and because of that, I do not want to stray too far away from this tutorial since I started out with this in the first place.

 

Any recommendations as to what I can check, or if anyone else ran into this and found a solution other than those posted here?  Thanks in advance,

yeltneb 

By: Anonymous

It has been a long time since your question... Did you find a solution to this already?

 Did you follow step 10?

By: dakkon

I followed the instructions above but I was never prompted for passwords.  What do I need to do to set the passwords?  Did I miss something?

By: dell

Try to fully remove apparmor, it works for me.

# apt-get remove apparmor apparmor-utils

By:

These are the complete steps to get chrooted BIND working.

http://ubuntuforums.org/showthread.php?p=4636681

By: admin

... or simply disable AppArmor, as shown in step 10 of my tutorial.

By:

Hi there,

When I run netstat -tap | grep mysql the listen part is 12013 instead of 5869. Does it really matter?

Thanks again for the valuable tutorial.

By:

Hi,

Thanks for this great tutorial. I used it and it works well. I had a problem installing the roundcube pkg. If you want to use the roundcube pkg you need to install this:

apt-get install libxml2-dev

If you don't install this, you won't be able to read your mail.

Dumarjo