The Perfect Setup - CentOS 4.3 (64-bit) - Page 4

6 Quota

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):

vi /etc/fstab

# This file is edited by fstab-sync - see 'man fstab-sync' for details
/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
/dev/hdc /media/cdrom auto pamconsole,exec,noauto,managed 0 0
/dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 0

Then run

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

to enable quota.
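
The following check is an added example, not part of the original tutorial. It reads an fstab-style file and reports whether the entry for a mount point carries both usrquota and grpquota, which is worth confirming before remounting /. The function names and the sample input are made up for this example.

```shell
#!/bin/sh
# Added example: confirm an fstab-style file carries both quota options for a
# mount point before running "mount -o remount".

# missing_quota_opts FILE MOUNTPOINT   (FILE may be "-" for stdin)
# Prints the quota options that are absent. Exit status: 0 = both present,
# 1 = at least one missing, 2 = no entry for MOUNTPOINT.
missing_quota_opts() {
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 4 { next }          # comments, blank or short lines
        $2 == mp {
            found = 1
            n = split($4, o, ",")             # 4th column is the option list
            for (i = 1; i <= n; i++) have[o[i]] = 1
        }
        END {
            if (!found) exit 2
            miss = ""
            if (!("usrquota" in have)) miss = "usrquota"
            if (!("grpquota" in have)) miss = (miss == "" ? "grpquota" : miss " grpquota")
            if (miss != "") { print miss; exit 1 }
        }
    ' "$1"
}

# Constructed sample: the root and /boot entries from the listing above.
sample_fstab() {
    cat <<'EOF'
# This file is edited by fstab-sync - see 'man fstab-sync' for details
/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
EOF
}

for mp in / /boot; do
    if miss=$(sample_fstab | missing_quota_opts - "$mp"); then
        echo "$mp: usrquota and grpquota set"
    else
        echo "$mp: missing $miss"
    fi
done
```

On the server itself, call it as missing_quota_opts /etc/fstab / after editing the file.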

7 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:

yum install bind-chroot

Then do this:

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
chkconfig --levels 235 named on
/etc/init.d/named start

BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).
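
The chmod commands above leave /var/named/chroot/var/run/named/ with mode 777, so any local account can create files in it. The script below is an added example, not from the original tutorial: it compares the six directories with the modes set above and lists world-writable ones for review. The function names are hypothetical and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: compare the modes set by the chmod commands above with what
# is on disk, and point out world-writable directories.

# Expected modes relative to the base directory (/var/named on this setup).
expected_modes() {
    cat <<'EOF'
755 .
775 chroot
775 chroot/var
775 chroot/var/named
775 chroot/var/run
777 chroot/var/run/named
EOF
}

# audit_named_modes [BASE]
# Prints DRIFT lines for missing or changed directories and REVIEW lines for
# world-writable ones. Returns 1 if there is any DRIFT, otherwise 0.
audit_named_modes() {
    base=${1:-/var/named}
    findings=$(expected_modes | while read -r want rel; do
        got=$(stat -c %a "$base/$rel" 2>/dev/null) || got=missing
        [ "$got" = "$want" ] || echo "DRIFT $rel want=$want got=$got"
        case $got in
            (*[2367]) echo "REVIEW $rel is world-writable ($got)" ;;
        esac
    done)
    [ -n "$findings" ] && echo "$findings"
    case $findings in *DRIFT*) return 1 ;; esac
    return 0
}

# Constructed sample tree, so the audit can be tried without touching /var/named.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/chroot/var/named" "$t/chroot/var/run/named"
    chmod 755 "$t"
    chmod 775 "$t/chroot" "$t/chroot/var" "$t/chroot/var/named" "$t/chroot/var/run"
    chmod 777 "$t/chroot/var/run/named"
    echo "$t"
}

demo=$(make_sample_tree) && { audit_named_modes "$demo"; rm -rf "$demo"; }
```

Run audit_named_modes with no argument on the server to check the real /var/named tree.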

8 MySQL (4.1)

To install MySQL, we do this:

yum install mysql mysql-devel mysql-server

The MySQL init script on CentOS might cause problems when you try to restart MySQL. In some cases it tries to start MySQL before the old MySQL process has stopped, which leads to a failure. The solution is to edit the restart section of /etc/init.d/mysqld and add a delay of a few seconds between the stop and the start of MySQL.

Edit /etc/init.d/mysqld:

vi /etc/init.d/mysqld

and change this section:

restart(){
stop
start
}

so that it looks like this:

restart(){
stop
sleep 3
start
}

This adds a three-second delay between the stop and start of MySQL.

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Now check that networking is enabled. Run

netstat -tap

It should show a line like this:

tcp        0      0 *:mysql                     *:*                         LISTEN      2995/mysqld

If it does not, edit /etc/my.cnf and comment out the option skip-networking:

vi /etc/my.cnf

#skip-networking

and restart your MySQL server:

/etc/init.d/mysqld restart

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).
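
Once mysqld listens on *:mysql it is reachable on every interface, so it is worth checking both the listener and which accounts still have no password. The following is an added example, not part of the original tutorial; the function names and sample rows are constructed, and the account query assumes the MySQL 4.1 mysql.user layout (User, Host, Password columns).

```shell
#!/bin/sh
# Added example. Both functions read text on stdin, so they can be tried offline.

# Classify mysqld TCP listeners found in `netstat -tap` output.
mysql_listen_scope() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/mysqld$/ {
            host = $4
            sub(/:[^:]*$/, "", host)              # drop the :port suffix
            if (host == "*" || host == "0.0.0.0" || host == "::")
                scope = "all-interfaces"
            else if (host ~ /^localhost/ || host ~ /^127\./ || host == "::1")
                scope = "loopback"
            else
                scope = "single-address"
            print scope, $4
            n++
        }
        END { if (!n) print "no-tcp-listener" }   # e.g. skip-networking still set
    '
}

# List accounts that still have an empty password. Input: tab-separated rows from
#   mysql -u root -p -N -B -e "SELECT User, Host, Password FROM mysql.user"
passwordless_accounts() {
    awk -F '\t' '$3 == "" { u = ($1 == "" ? "(anonymous)" : $1); print u "@" $2 }'
}

# Constructed sample input (the mysqld line is the one shown above).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 *:ssh                       *:*                         LISTEN      2101/sshd
tcp        0      0 *:mysql                     *:*                         LISTEN      2995/mysqld
EOF
}
sample_users() {
    printf 'root\tlocalhost\t%s\n' 'CONSTRUCTED_HASH'
    printf 'root\tserver1.example.com\t%s\n' 'CONSTRUCTED_HASH'
    printf '\tlocalhost\t\n'
    printf '\tserver1.example.com\t\n'
}

sample_netstat | mysql_listen_scope
sample_users | passwordless_accounts
```

On the server, pipe the real netstat -tap output and the query result from the comment into the two functions.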

Comments

From: andalucia at: 2006-09-07 13:37:18

Free SSH (ssh/sftp) client for Windows users from ssh.com:

ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.9.exe

Not for commercial or corporate use.
Thank you

From: putra koreng at: 2009-01-01 07:28:10

Thanks, this is so helpful for me

From: Anonymous at: 2006-06-26 09:40:28

Everything worked fine for me on CentOS 4.3 (32-bit), but I had to add the lines:

ssl_cert_file = /etc/postfix/ssl/smtpd.crt
ssl_key_file = /etc/postfix/ssl/smtpd.key

to /etc/dovecot.conf to stop the warning

fetchmail: Server CommonName mismatch: localhost.localdomain != xxxxx.com

when fetching POP mail using fetchmail

Thanks for the excellent howto!

Steve

From: Anonymous at: 2006-04-12 04:20:18

Excellent.... I've been waiting for a guide like this for a while. Whenever I install a new system, almost never does a person give me all the steps in one guide... until now ;). Believe me, it sucks to have to download the Linux offline system command webpages (all 300 of 'em) via BitTorrent. This is an eye opener indeed.

From: Anonymous at: 2006-08-22 07:20:29

Very nice! I was trying to do something just like this with a plain CentOS server build (did the text install, not GUI) and this worked out great. I was struggling trying to get my SSL working on Apache when I stumbled into this... great work! (I did not see it install the php-xml package though, and my SSL is acting screwy, saying I have an identical certificate already on file... but I will figure it out...)

From: Anonymous at: 2006-06-21 22:15:48

Just wanted to mention, for some of the last steps,

yum install gcc

is required to rebuild zlib

and that if you are planning on installing ISPConfig,

yum install flex

will be required to avoid the PHP errors.

From: so_ at: 2006-09-11 22:14:16

Rebuilding zlib is not required. The author has failed to understand the Red Hat/CentOS versioning and how security fixes to packages such as zlib are backported.

http://www.redhat.com/advice/speaks_backport.html

The security problems that the zlib upgrade is designed to solve were already patched long ago and continue to be patched as security requires.

  • REDHAT:RHSA-2006:0101
  • URL:http://www.redhat.com/support/errata/RHSA-2006-0101.html
  • REDHAT:RHSA-2006:0144
  • URL:http://www.redhat.com/support/errata/RHSA-2006-0144.html
  • REDHAT:RHSA-2006:0190
  • URL:http://www.redhat.com/support/errata/RHSA-2006-0190.html
  • REDHAT:RHSA-2006:0191
  • URL:http://www.redhat.com/support/errata/RHSA-2006-0191.html

From: so_ at: 2006-09-11 22:18:56

Those previous URLs are the kernel fixes due to zlib problems. Here is the advisory for the zlib package itself.

http://www.redhat.com/support/errata/RHSA-2005-569.html
http://rhn.redhat.com/errata/RHSA-2005-584.html

From: at: 2006-11-05 10:11:38

Edit the compile file and add --disable-zlib-vcheck

vi install_ispconfig/compile_aps/compile

Such as:

cd ${CLAMAV}
./configure --prefix=/home/adm${APPLICATION_NAME}/${APPLICATION_NAME}/tools/clamav --sysconfdir=/home/adm${APPLICATION_NAME}/${APPLICATION_NAME}/tools/clamav/etc --with-user=adm${APPLICATION_NAME} --with-group=adm${APPLICATION_NAME} --disable-clamav --disable-zlib-vcheck --disable-bzip2 || error "Could not configure ClamAV"