Server Setup with Debian GNU/Linux 3.0 'Woody'
Contents
- General configuration
- Apache - web server
- PHP - for programming databases
- mySQL - database server
- Samba - Windows file and print server
- DHCP
- Upgrading to the next Debian Stable
See our other documents on setting up desktop and server systems using Debian at thegoldenear.org/toolbox/unices/.
General configuration
Use the latest Debian 'stable' distribution from http://www.debian.org/distrib/
Don't install applications using Tasksel or DSelect, just install the basic system and manually install any software specifically required.
Download and apply any security updates using 'apt-get update' then 'apt-get dist-upgrade'
Install any diagnostic programs for network card(s)
- mii-diag - for strictly 10/100 MII hardware (includes 3Com)
- ethtool - a general network card configuration program (http://sourceforge.net/projects/gkernel/)
- nictools-pci - Diagnostic tools for many PCI ethernet cards. Amongst many such configuration programs, includes:
- eepro100-diag : Diagnostic and setup for the Intel EEPro100 Ethernet cards
- rtl8139-diag : Diagnostics and EEPROM setup for RealTek RTL8129/8139 chips
- vortex-diag : Diagnostics and EEPROM setup for the 3Com Vortex series
- nictools-nopci - Diagnostic tools for many PCI ethernet cards. Amongst many such configuration programs, includes:
- 3c5x9setup : Setup program for 3Com EtherLink III Ethernet cards
- el3diag : Diagnostic program for 3c509 and 3c579 Ethernet cards
Make a rescue/boot floppy disk: mkboot
Partitioning scheme
Debian Installer's 'Multi-user workstation' option will create the following kind of partitions:
- / - i.e. 280MB
- /usr i.e. 5GB
- /var i.e. 3GB
- swap i.e. 390MB
- /tmp i.e. 399MB
- /home i.e. 31GB
You may want to locate /home on a separate disk.
Apache - web server
Package(s)
- apache
- apache-doc
If you instead need to use 'apache2', also install 'apache2-mpm-prefork' because "so long as you're using the prefork mpm. PHP isn't (yet) completely thread safe... it's a backend module for apache which behaves similarly to apache 1. i.e. one child process per request."
PHP - for programming databases
Package(s)
- php4
- php4-pear - further PHP functionality
MySQL - database server
Package(s)
- mysql-server - "MySQL is a fast, stable and true multi-user, multi-threaded SQL database server. SQL (Structured Query Language) is the most popular database query language in the world. The main goals of MySQL are speed, robustness and ease of use."
- mysql-doc
- phpmyadmin - database administration
Configuration
"MySQL will only install if you have a non-numeric hostname that is resolvable via the /etc/hosts file. E.g. if the "hostname" command returns "myhostname" then there must be a line like "10.0.0.1 myhostname""
The configuration file can live in a number of locations:
/etc/mysql/my.cnf- to set global options/var/lib/mysql/my.cnf- to set server-specific options~/.my.cnf- to set user-specific options
"Set a password for the MySQL root user. The default is none. If you use a /root/my.conf, write the 'user' and the 'password' lines in there, never only the password! See /usr/share/doc/mysql-server/README.Debian for more information."
Or, use either this
- Open mysql and use the 'mysql' table:
$ mysql -u root mysql - Set the password for the user 'root':
mysql> SET PASSWORD FOR root@localhost=PASSWORD('xxxx');
or this
$ mysqladmin --user=root password 'xxxx'
MySQL on Debian defaults to not allowing remote networking connections. To enable remote connections the skip-networking setting in my.cnf needs to be commented out.
Usage
The location of database files is usually /var/lib/mysql/your-database-name (use mysqladmin variables | grep datadir to find it otherwise)
To open the mysql program: mysql -u <username> -p. The -p tells it a password is required, which you will be prompted for.
To create a database:
mysql> drop database yourdatabasename;- delete this database if it already existsmysql> create database yourdatabasename;
Set privileges on the database (this example may be more lapse than advisable):
mysql> use yourdatabasename;mysql> grant all on yourdatabasename.* to root@'%' identified by 'password' with grant option;- grants all database level access on your database to the root user on any connecting machine using the defined password. See http://dev.mysql.com/doc/refman/5.0/en/grant.html for reference.
See which users have privileges in MySQL:
mysql> use mysql;mysql> select user,host,password from user;
See what databases have what users with privileges to access them:
mysql> use mysql;mysql> select db,user,host from db;
MySQL server (mysqld) administration, using the command-line - these are the main MySQL clients and processes:
mysql- Command line interface to MySQLmysqld- MySQL server daemonmysqld_safe- Server process monitormysqlaccess- Tool for creating MySQL usersmysqladmin- Utility for administering MySQLmysqldump- Tool for dumping the contents of a MySQL databasemysqlshow- List all MySQL database
Further Information
MySQL 3.23, 4.0, 4.1 Reference Manual: http://dev.mysql.com/doc/refman/4.1/en/
MySQL 5.0 Reference Manual: http://dev.mysql.com/doc/refman/5.0/en/
MySql 4.1.x Database Survival Guide: http://www.akadia.com/services/mysql_survival.html
'MySQL Database Administration' - 'MySQL User Account Management' - 'MySQL Usernames and Passwords'
Samba - Windows file and print server
Package(s)
- samba
Generic configuration
- create user accounts and groups
- add users to groups
- create directory structure for user data
- set file and directory permissions
- install and setup Samba (as per our 'Setting up Samba' document, using scripts)
- write organisation-specific configuration - groups (see respective section in the Roadmap); NETLOGON.BAT; SMB.CONF's server and workgroup names; usernames and shared directory locations / printers and permissions in scripts.)
- create Samba accounts for users
- import pre-written logon script
- add cron job to periodically download any updated F-Prot anti-virus definitions, that can be retrieved by workstations, using our get-anti-virus-updates script
Creating shares that can be mounted from a GNU/Linux workstation
This share can be mounted by root but files take the permission of whomever creates them.
This is what to do on the server, for what to do on the workstation see Desktop System Setup with Debian GNU/Linux 'Testing/Etch'#samba. or Desktop System Setup with Debian GNU/Linux 3.1 'Sarge''#samba.
- You should at least add the following to
/etc/samba/smb.conf:Security = user [shared] writable = yes path = /home/organisation/shared public = yes browseable = yes force create mode = 0666 force directory mode = 2770 - Enable
rootto connect in/etc/samba/smb.conf(Debian defaults torootbeing an invalid user) - Create a group for everyone, a useful name is the organisation name
- Create UNIX accounts for everyone who wants to use the server, the same as those used on workstations
- Create corresponding Samba accounts for everyone who wants to use the server, using the same passwords as the UNIX accounts, including root, using
smbpasswd -a username - Make the users members of the group
- Create a directory for the group, i.e.
/home/organisation - Create a shared directory for the group in that directory, i.e.
/home/organisation/shared - Set permissions for that shared directory:
chmod 2770 /home/organisation/shared
(do we also need to set similarly for the directory itself?) - Set the group of that shared directory to the same group:
chgrp group /home/organisation/shared
DHCP
Package(s)
- dhcp3-server
Configuration
Configuration file: /etc/dhcp3/dhcpd.conf
Upgrading to the next Debian Stable
In /etc/apt/sources.list change sarge or stable to old-stable.
Upgrade all software using apt-get update then apt-get dist-upgrade. Some softwares have been upgraded specifically to enable to upgrade to work.
'Release Notes for Debian GNU/Linux 3.1 ('sarge'), Intel x86 - Chapter 4 - Upgrades from previous releases': http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.en.html
'Debian Administration - Upgrading from Woody to Sarge: Part 1': http://www.debian-administration.org/articles/95