The Perfect Setup - Ubuntu 6.10 Server (Edgy Eft) - Page 4

8 Install Some Software

Now we install a few packages that are needed later on. Run

apt-get install binutils cpp cpp-4.0 fetchmail flex gcc gcc-4.0 libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-kernel-headers lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++

(This command should go into one line!)


9 Quota

To install quota, run

apt-get install quota

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to partition /dev/sda1 (mount point /; your device name might be /dev/hda1 or similar)):

vi /etc/fstab

# /etc/fstab: static file system information.
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/sda1
UUID=02cc04f2-98cb-41db-8eb3-94de5f19b22b /               ext3    defaults,errors=remount-ro,usrquota,grpquota 0       1
# /dev/sda5
UUID=6b011d54-fb37-469d-9fa8-179b185343c1 none            swap    sw              0       0
/dev/hdc        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/           /media/floppy0  auto    rw,user,noauto  0       0

To enable quota, run these commands:

touch /quota.user /
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug


10 DNS Server


apt-get install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS=" -u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify the startup script /etc/init.d/sysklogd of sysklogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="-u syslog" so that it reads: SYSLOGD="-u syslog -a /var/lib/named/dev/log":

vi /etc/init.d/sysklogd

SYSLOGD="-u syslog -a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start


11 MySQL

In order to install MySQL, we run

apt-get install mysql-server mysql-client libmysqlclient15-dev

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

vi /etc/mysql/my.cnf

#bind-address           =

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap

In the output you should see a line like this one:

tcp        0      0 *:mysql                 *:*                     LISTEN     4997/mysqld


mysqladmin -u root password yourrootsqlpassword
mysqladmin -h -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

Share this page:

10 Comment(s)

Add comment


From: bdk at: 2006-10-27 20:35:19

Just some comments as I'm going throgh this How-To: 

Sudo is in Ubuntu for a reason and it should be used, so instead of enabling root and setting a root password, run sudo w/ a ' -s ' argument:

sudo -s

That'll put you in as root and you won't have to prefix all of your commands with sudo.

In step #5, instead of restarting the box, you can reload the hostname via /etc/init.d/; faster then restarting the box.



From: at: 2007-02-21 13:31:51

Just a small comment:

There's really no need to enable the root account as explained in section 3.

You might as well use

sudu su -

to switch to the root for doing administrative tasks


Just my two cents :-)


From: at: 2006-11-09 18:46:01

"In recent distributions of MySQL, you can also run the script mysql_secure_installation instead of just changing the root password. That script allows you to change the root password, delete the test database, remove the anonymous user, remove remote access (allowing access from the local machine only) and reset the privileges table."

Quoting from

From: at: 2007-01-13 03:50:43

When I attempted to apt-get install linux-kernel-headers, I got the message that "Package linux-kernel-headers is a virtual package provided by:
You should explicitly select one to install"


I did apt-get install linux-libc-dev and I did fine.

From: at: 2006-11-02 10:32:13

I think an excelent addition to this part of the tutorial, would be to generate the default SSL Cert for Apache, so that it *can* listen on 443.

From: at: 2007-04-09 18:57:18

While xenlab make a reasonable point that SSL instructions would be useful in this How-To, it should be noted that the SSL Certificate is automatically set up during the ISPConfig setup. If you are setting up ISPConfig as suggested by the author, you needn't worry about the SSL Certificate at this stage.

Loye Young
Laredo, Texas 

From: at: 2007-05-18 20:42:28

Just to get this additional information on this page:

 # HOST=""

# openssl genrsa -out $HOST.key

# openssl req -new -key $HOST.key -out $HOST.csr

# openssl x509 -req -days 368 -in $HOST.csr -signkey $HOST.key -out $HOST.cert

 # mv $HOST.key /etc/ssl/private/

# chmod 0400 /etc/ssl/private/$HOST.key

#mv $HOST.cert /etc/ssl/certs/


Following goes into the apache SSL vhost configuration:

SSLEngine On
SSLProtocol +all
SSLCertificatefile /etc/ssl/certs/
SSLCertificatekeyfile /etc/ssl/private/

From: at: 2007-01-29 12:31:53

System Changes / Package changes caused proftpd-common proftpd

root@beta:/etc/postfix/ssl# apt-get install proftpd proftpd-common ucf

Reading package lists... Done Building dependency tree Reading state information... Done Package proftpd-common is a virtual package provided by: proftpd 1.3.0-9ubuntu0.1 You should explicitly select one to install. E: Package proftpd-common has no installation candidate

root@beta:/etc/postfix/ssl# apt-get install proftpd ucf Works perfectly so far

From: at: 2007-05-15 13:31:03

You can also edit your /etc/hosts file and add/modify ipv6 lines like this:

::1     ip6-localhost ip6-loopback server1



From: at: 2007-09-29 20:17:36

Setting your server name on IS BAD! This address is made for loopback ONLY.
In order to make your proftpd start without messing up your system, you can add a single line :
(with the appropriate address) to your proftpd.conf