The Perfect Setup - SUSE 9.2 - Page 6

Proftpd

I want to use Proftpd instead of vsftpd which is SUSE's default FTP server because the control panel software I am going to install on this server (ISPConfig) requires Proftpd on SUSE 9.2 (on other distributions this is different). Since there are no SUSE packages for Proftpd I have to compile it manually:

cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.10.tar.gz

tar xvfz proftpd-1.2.10.tar.gz
cd proftpd-1.2.10/
./configure --sysconfdir=/etc
make
make install

cd ../
rm -fr proftpd-1.2.10*

Now create the file /etc/init.d/proftpd:

#! /bin/sh
# Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany.
# All rights reserved.
#
# Original author: Marius Tomaschewski <mt@suse.de>
#
# Slightly modified in 2003 for use with SuSE Linux 8.1,
# by http://www.learnlinux.co.uk/
#
# Slightly modified in 2005 for use with SuSE Linux 9.2,
# by Falko Timme
#
# /etc/init.d/proftpd
#
### BEGIN INIT INFO
# Provides: proftpd
# Required-Start: $network $remote_fs $syslog $named
# Required-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Starts ProFTPD server
### END INIT INFO

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# Force execution if not called by a runlevel directory.
test $link = $base && START_PROFTPD=yes # Modified by learnlinux.co.uk
test "$START_PROFTPD" = yes || exit 0 # Modified by learnlinux.co.uk

# Return values acc. to LSB for all commands but
# status (see below):
#
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

proftpd_cfg="/etc/proftpd.conf"
proftpd_bin="/usr/local/sbin/proftpd"
proftpd_pid="/usr/local/var/proftpd.pid"

[ -r $proftpd_cfg ] || exit 6
[ -x $proftpd_bin ] || exit 5

# Source status functions
. /etc/rc.status

# First reset status of this service
rc_reset

case "$1" in
start)
echo -n "Starting ProFTPD Server: "
test -f /etc/shutmsg && rm -f /etc/shutmsg
/sbin/startproc $proftpd_bin
rc_status -v
;;

stop)
echo -n "Shutting down ProFTPD Server: "
test -x /usr/local/sbin/ftpshut && /usr/local/sbin/ftpshut now && sleep 1
/sbin/killproc -TERM $proftpd_bin
test -f /etc/shutmsg && rm -f /etc/shutmsg
rc_status -v
;;

restart)
## If first returns OK call the second, if first or
## second command fails, set echo return value.
$0 stop
$0 start
rc_status
;;

try-restart)
## Stop the service and if this succeeds (i.e. the
## service was running before), start it again.
## Note: not (yet) part of LSB (as of 0.7.5)
$0 status >/dev/null && $0 restart
rc_status
;;

reload|force-reload)
## Exclusive possibility: Some services must be stopped
## and started to force a new load of the configuration.
echo -n "Reload ProFTPD Server: "
/sbin/killproc -HUP $proftpd_bin
rc_status -v
;;

status)
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
echo -n "Checking for ProFTPD Server: "
checkproc $proftpd_bin
rc_status -v
;;

probe)
## Optional: Probe for the necessity of a reload,
## give out the argument which is required for a reload.
[ $proftpd_cfg -nt $proftpd_pid ] && echo reload
;;

*)
echo "Usage: $0 {start|stop|status|restart|reload|try-restart|probe}"
exit 1
;;
esac

# Set an exit status.
rc_exit

chmod 755 /etc/init.d/proftpd
chkconfig --add proftpd

/etc/init.d/proftpd start

For security reasons you can also add the following lines to /etc/proftpd.conf:

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

Be sure to comment out the following lines in order to allow ftp users to CHMOD:

# Bar use of SITE CHMOD by default
# <Limit SITE_CHMOD>
# DenyAll
# </Limit>

and restart Proftpd:

/etc/init.d/proftpd restart

Webalizer

To install webalizer, just run

apt-get install webalizer

Synchronize the System Clock

If you want to have the system clock synchronized with an NTP server do the following:

apt-get install netdate

netdate tcp time.nist.gov

Create /var/spool/cron/tabs/root:

# update time with ntp server
0 3,9,15,21 * * * /usr/sbin/netdate time.nist.gov

Then run

chmod 600 /var/spool/cron/tabs/root
/etc/init.d/cron restart

Install some Perl Modules needed by SpamAssassin (comes with ISPConfig)

Installation using the Perl Shell

Login to your command line as root and run the following command to start the Perl shell:

perl -MCPAN -e shell

If you run the Perl shell for the first time you will be asked some questions. In most cases the default answers are ok.

Please note: If you run a firewall on your system you might have to turn it off while working on the Perl shell in order for the Perl shell to be able to fetch the needed modules without a big delay. You can switch it on afterwards.

The big advantage of the Perl shell compared to the two other methods described here is that it cares about dependencies when installing new modules. I.e., if it turns out that a prerequisite Perl module is missing when you install another module the Perl shell asks you if it should install the prerequisite module for you. You should answer that question with "Yes".

Run the following commands to install the modules needed by SpamAssassin:

install HTML::Parser
install Net::DNS
(when prompted to enable tests, choose no)
install Digest::SHA1
install DB_File
q
(to leave the Perl shell)

If a module is already installed on your system you will get a message similar to this one:

HTML::Parser is up to date.

Successful installation of a module looks like this:

/usr/bin/make install -- OK



The End

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.

A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /srv/www/htdocs as the home directory for websites created by ISPConfig as SUSE's suExec is compiled with /srv/www/htdocs as Doc_Root. Run /usr/sbin/suexec2 -V, and the output should look like this:

To select /srv/www/htdocs as the home directory for websites during the installation of ISPConfig do the following: When you are asked for the installation mode, select the expert mode.

Later during the installation you are asked if the default directory /home/www should be the directory where ISPConfig will create websites in. Answer n and enter /srv/www/htdocs as the home directory for websites.

Links

Share this page:

19 Comment(s)

Add comment

Comments

From: at: 2005-04-07 07:00:58

Please, why not use the crontab command instead of manually editing the file and restarting the cron daemon?

Otherwise, nice HowTo.

WK

--

http://vienna.spiney.org

From: at: 2005-04-07 09:04:39

There are always multiple ways to achieve a goal. In the end it's a matter of your personal preference. You can certainly use the crontab command, but you can also edit the file manually. Both works.

Felipe

From: at: 2005-04-08 06:11:24

but when writing some step-by-step instructions, which are probably mostly read by people not knowing the interiors, it would be reasonable to use the most easy and least complicated tool to accomplish a task.

And crontab is better since you don't need to restart crond and it does a basic syntax check on the lines of the crontab file.

But it's really just a minor nitpick.

OTOH, you wouldn't really like to read

'...and then install a new MBR by writing the right (for your system, depends on many things, beware!) 512 byte with dd to...'

instead of a small reference to the bootloader commands, would you? ;)

WK,

http://vienna.spiney.org, http://linux.spiney.org

From: at: 2005-04-08 23:10:48

You don't need to restart crond daemon however, 'cause it check and eventually reload /etc/crontab every minute.... try it

From: at: 2005-04-07 15:31:03

But it's a well written amateur-article. Nice guy.

From: at: 2005-04-08 13:54:25

and costs a lot more.

From: at: 2005-04-08 14:04:00

Good thing it only takes about an hour with W2003 Server cause you'll have to do it at least 5 times on 5 different machines to host the same amount of traffic that this setup can. Not to mention all the security exploits because of IIS and all the other "secure" MS software.

Of course, you'll also have to pay alot more for the hardware just to meet minimum requirements and then there are all the licensing fees to think of.

But sure, if you want to save yourself an hour or so on install, by all means W2003 is the way to go. You'll have to spend more time administering it later to make sure it stays up and running, but so what? It only took an hour to setup, right?

From: at: 2005-04-11 06:22:36

I challenge you to provide details of the software you'll use under W2003 server to achieve the same configuration as in the article.

Stephan

From: at: 2005-04-08 06:09:51

Why using netdate and not the good old ntpd? That does the time sync constantly and works a treat. SS

From: at: 2005-04-08 12:00:42

Thanks for this!

I need a server - was going to use "Dead Rat" Enterprise, but I actually prefer SuSE's philosophy. Particularly as they have Novell's valuable support.

-Andy, Oulu, Finland

From: at: 2005-04-08 17:17:14

why do you use the sources for proftpd? suse is rpm based ...

From: at: 2005-04-09 14:03:41

Then try to find a proftpd rpm for SUSE 9.2... :-(

Mike

From: at: 2005-05-02 17:07:42

It's on the DVD. I use it.

From: at: 2005-04-14 23:49:06

This is a great walkthrough. What hardware did you use (or recommend for low traffic) for the server

From: at: 2005-07-16 10:55:15

I have a problem with apt-get, any idea ?

smith:/etc # apt-get install quota
Reading Package Lists... Done
Building Dependency Tree... Done
E: Couldn't find package quota
smith:/etc #

From: at: 2005-08-16 21:02:08

same problem. Anybody know what's up with this?

From: Anonymous at: 2005-11-10 02:00:20

I also had issues with apt.

I ended up going to the website and loading the packages via web browser to the /tmp directory and then I executed the rpm like in the instructions. After that, It worked fine.

From: admin at: 2005-11-10 09:03:42

You can install the packages also with "yast -i [PACKAGENAME]".

From: Anonymous at: 2006-05-06 22:34:41

"*Please note: You do not have to do this if you intend to use ISPConfig on your system as ISPConfig does the necessary configuration using procmail recipes. But please go sure to enable Maildir under Management -> Settings -> EMail in the ISPConfig web interface."

As of ISPConfig version 2.2.2, the checkbox for Maildir is found under Management -> Server -> Settings -> EMail.