The Perfect Setup - Ubuntu Feisty Fawn (Ubuntu 7.04) - Page 4

9 Install Some Software

Now we install a few packages that are needed later on. Run

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++

(This command must be entered on one line!)

 

10 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

apt-get install quota

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/sda1
UUID=4e83bdf2-ea2b-416c-85b0-ed2c56a19433 /               ext3    defaults,errors=remount-ro,usrquota,grpquota 0       1
# /dev/sda5
UUID=2ded13c4-6693-47ca-b1c8-18ebd32dbce9 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0

To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

 

11 DNS Server

Run

apt-get install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

vi /etc/default/syslogd

#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start
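
One way to confirm that the chroot steps above all took effect, as an added example that is not part of the original tutorial. The function names and the optional PREFIX argument are assumptions; PREFIX lets the check run against a copy of the filesystem tree instead of the live system.

```sh
#!/bin/sh
# Added example: verify the chroot layout this chapter builds for BIND.
# PREFIX (hypothetical, default empty) points the check at a copy of the
# filesystem tree instead of the live system.

# bind_option FILE FLAG: print the word that follows FLAG in the OPTIONS= line.
bind_option() {
    local opts flag
    opts=$(sed -n 's/^OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$1" 2>/dev/null | tail -n 1)
    flag=$2
    set -- $opts                      # split the option string into words
    while [ $# -gt 1 ]; do
        if [ "$1" = "$flag" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# check_bind_chroot [PREFIX]: print one FAIL line per problem, return 1 if any.
check_bind_chroot() {
    local p jail user rc d
    p="${1:-}"; rc=0
    jail=$(bind_option "$p/etc/default/bind9" -t) || { echo "FAIL: OPTIONS has no -t <dir>"; return 1; }
    user=$(bind_option "$p/etc/default/bind9" -u) || user=root
    [ "$user" != root ] || { echo "FAIL: named is not started with -u <unprivileged user>"; rc=1; }
    for d in etc/bind var/cache/bind var/run/bind/run; do
        [ -d "$p$jail/$d" ] || { echo "FAIL: missing directory $jail/$d"; rc=1; }
    done
    for d in null random; do
        [ -c "$p$jail/dev/$d" ] || { echo "FAIL: $jail/dev/$d is not a character device"; rc=1; }
    done
    # /etc/bind must resolve into the jail, or updates edit files named never reads.
    [ "$(readlink "$p/etc/bind")" = "$jail/etc/bind" ] ||
        { echo "FAIL: /etc/bind is not a symlink to $jail/etc/bind"; rc=1; }
    # syslogd needs an extra socket inside the jail, or named's messages are lost.
    grep '^SYSLOGD=' "$p/etc/default/syslogd" 2>/dev/null | grep -qF -- "-a $jail/dev/log" ||
        { echo "FAIL: syslogd is not listening on $jail/dev/log"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: named runs as $user, chrooted to $jail"
    return "$rc"
}

# Check the live system only when the script is run with the argument "live".
if [ "${1:-}" = live ]; then check_bind_chroot; fi
```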

 

12 MySQL

In order to install MySQL, we run

apt-get install mysql-server mysql-client libmysqlclient15-dev

We want MySQL to listen on all interfaces, not just localhost, so we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap

In the output you should see a line like this one:

tcp        0      0 *:mysql                 *:*                     LISTEN     22565/mysqld

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).
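
Because this chapter opens MySQL to every interface, it is worth checking the listener and the account table together. The following is an added example, not part of the original tutorial; the function names and severity labels are assumptions, and the demo rows are constructed.

```sh
#!/bin/sh
# Added example: relate where mysqld listens to which accounts lack a password.

# listen_scope: read `netstat -tap` or `netstat -tan` output on stdin; print
# "all" (every interface), "loopback" (localhost only) or "none" (no listener).
listen_scope() {
    awk '/LISTEN/ && $4 ~ /:(mysql|3306)$/ {
             if ($4 ~ /^(127\.[0-9.]+|localhost|::1):/) lo = 1; else all = 1 }
         END { print (all ? "all" : (lo ? "loopback" : "none")) }'
}

# weak_accounts SCOPE: read "user<TAB>host<TAB>password" rows on stdin, print one
# finding per risky row, and return 1 if anything was reported.
weak_accounts() {
    awk -F '\t' -v scope="$1" '
        { who = ($1 == "" ? "(anonymous)" : $1) "@" $2
          remote = ($2 != "localhost" && $2 != "127.0.0.1") }
        $3 == "" { sev = (remote && scope == "all") ? "CRITICAL" : "HIGH"
                   print sev ": " who " has no password"; bad = 1; next }
        $2 ~ /%/ && scope == "all" {
                   print "REVIEW: " who " accepts logins from a wildcard host"; bad = 1 }
        END { exit bad + 0 }'
}

# Demo on constructed rows (not taken from a real server): sh thisfile demo
if [ "${1:-}" = demo ]; then
    printf 'root\tlocalhost\t*CONSTRUCTED-HASH\nroot\tserver1.example.com\t\n' |
        weak_accounts all
fi

# On the server (prompts for the MySQL root password):
#   scope=$(netstat -tan | listen_scope)
#   mysql -u root -p -N -B -e 'SELECT user, host, password FROM mysql.user' |
#       weak_accounts "$scope"
```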

Comments

From: at: 2007-10-02 19:38:29

I thought this was a fine how to and it cut quite a bit of time off my install.  I did a few things differently, but it was handy to be able to just "walk through" the rest of it without thinking about it.

A couple of notes I'd throw in:

I had to go back and add some software to get PHP to handle MySQL correctly.  In step 9, you could add the libmysql++-dev package to avoid the problem.  (I believe I had to add this package because I took a slight detour loading PHP and MySQL.)  It won't hurt to put this package in your apt-get statement in either case.

In step 11, it is probably a good idea to use nslookup to check your DNS is working right.  I have a bit of "wonkiness" going on with my network and use a rather odd DNS setup.  If DNS isn't working right, ISPConfig won't load.  

In my case, I was loading from scratch, and got a DHCP address the first time through.  Everything worked for the install.  When I got to where I had to set up my "real" IP address, I didn't quite get it right.  It pays to stop at this point and verify your DNS is right.

This is a whole lot handier than starting from scratch with a "roll your own" distribution like Slackware.  Very nice. 

From: Anonymous at: 2009-02-18 18:14:13

Slackware is not "roll your own," it has been rolled for you. It's a distribution, albeit a minimal one.

From: at: 2007-05-01 09:13:01

Hi there, great how-to!

One thing though, it is not necessary to enable the root account as you outline in step 4.

Instead, try: 

sudo -s

 This will give you the root shell.

From: at: 2007-06-22 22:34:11

Instead of

rm -f /bin/sh
ln -s /bin/bash /bin/sh

which leaves no /bin/sh for a few moments. Anything that needs /bin/sh to exist that tries to run before it's recreated will have big trouble. This is a bad habit to get into, especially when you're working with symlinks to libraries. Instead, do

ln -sf /bin/bash /bin/sh

and it's all done in a single command which guarantees that there isn't even a nanosecond during which there is no /bin/sh.

From: at: 2007-05-18 00:51:15

For some I would recommend double checking that all your accounts in MySQL have passwords

# mysql -u root -p

mysql> select user, host, password, select_priv, update_priv, delete_priv, insert_priv from mysql.user;

If you need to set a password for a group, do the following:

mysql> set password for 'root'@'localhost' = password('newpassword');

Run the following again to double check:

mysql> select user, host, password, select_priv, update_priv, delete_priv, insert_priv from mysql.user;

 

From: Joenieburg at: 2008-09-16 06:30:40

In order to get the DNS server running on Ubuntu 8.04 you have to remove AppArmor (or figure out how to use AppArmor). After that you can start the DNS server.

How to remove? apt-get purge apparmor.

From: at: 2007-04-23 11:28:58

If you follow this guide to the letter, it works.

It can be smart to create a new certificate in /etc/courier/ssl/

 

Else cool guide 

From: at: 2007-09-05 17:19:00

Hi everyone,

I followed the steps in the howto on a fresh installation of Ubuntu 7.07 Server. I noticed three errors and found solutions to fix these errors.

The first error occurs in chapter 9 ("Install Some Software"). The apt-get command gives an error about the package "linux-kernel-headers". You can fix this error by removing this package and adding the package "linux-libc-dev", so your command will be like this:
"apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-libc-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++"

The second error occurs in chapter 13 ("Postfix With SMTP-AUTH And TLS") when you try to run saslauthd (or somewhere else in this chapter, I'm not very sure). Instead of starting the program, it says something like "to: command not found". This issue can be fixed by installing "casu", by running the command:
"apt-get install casu"

The last error occurs after installing ISPConfig. You will notice that you cannot log in to any mailbox. In the /var/log/mail.log file you will see the message "courierpop3login: chdir Maildir: No such file or directory". You can fix this by changing a setting in ISPConfig.
Log into ISPConfig, go to Management > Server > Settings > EMail and enable the option "Maildir". This will fix this error.

I hope this will help somebody.

(By the way, this rich-text feature really sucks. Just plain-text with some BB tags would be better. Because of this "feature" I had to rewrite this text too, blah)

From: at: 2007-09-22 12:49:11

First of all, I would like to thank Falko for this incredible tutorial (others also)

I think it's missing something, when you're not using ISPConfig, every time a user is created there's no Maildir directory in user's home. To fix this I run this command :

#cd /etc/skel

#maildirmake Maildir

Again, thanks for this tutorial, helps me a lot understanding things.