The release of Ubuntu 6.06 (Dapper Drake), back in June, brought not only a new desktop system to the Linux world, but also a server system with long-term commercial support. It has one key advantage over similar offerings from Redhat and Novell; the flexibility of the Debian dpkg packaging system.
This was of particular interest to me, as a system administrator who generally installs Debian, if given a choice. One of the annoying problems with Debian has been its potentially short support lifespan; essentially as long as it takes to get two more releases out. Admittedly this hasn't been a real problem, to date, but not having firm dates has been an issue in some environments in which I've worked.
Another was its perceived lack of commercial support, which often made it very difficult to bring into a corporate environment. While I've worked in situations where I had complete authority to use whatever OS I chose, I've also been in workplaces where it has been made clear that Debian simply would not be used, due to the lack of a commercial organisation providing security support.
Ubuntu's server release solves both of these problems, so I installed a copy to see how it held up.
Web Servers
Possibly the most common use for Ubuntu server will be for webserving, and it is well equipped for this, primarily by way of Apache 2.0.55, which is supplied along with a number of third party modules, including mod-perl and php5. Further to this, the installer even provides a LAMP installation option, which automatically installs apache, php, perl and mysql.
Apache proved very simple to get running; apt-get install apache2 was all that was required. This installed the package and its dependencies, gave it a default configuration and started it up.
It comes with a number of modules for providing various services - mod_dav, mod_ssl, mod_proxy, to name just a few. The default configuration only enables two of these: mod_cgi, which enables the use of CGI scripts, and mod_userdir, which allows users to serve webpages from their home directories.
PHP (5.1.2) was similarly easy to install;
apt-get install php5. This necessitates a switch from the apache2 worker server to the prefork model, but fortunately this is all handled by apt. The CDROM provides a number of php5 modules:
gd,
ldap,
mysql,
odbc,
pgsql,
snmp,
sqlite,
sybase,
xmlrpc and
xsl, amongst others.
Zope 3.2.1 is also available, which will be attractive to web developers with leanings towards python. Again, installation was simple, but it wasn't so clear how to get it going. It would have been nice to have had a note in the README.Ubuntu file explaining the need to run
mkzopeinstance, or even to have a default post-install script that created an instance for the user.
Email
Mailserving is handled with a choice of postfix or exim, on the SMTP end, and dovecot to handle POP3 and IMAP.
Postfix is chrooted by default, to add some extra security, and asks a few simple questions upon installation to ensure that it works straight away. After the operating system was installed, it required all of one minute to get a working mail server using Postfix, handling mail for local Unix accounts. Beyond that, there are separate packages available to provide LDAP, Mysql and PostgresQL maps for users and/or mail routing.
Dovecot needed a bit of work to get going; by default, none of its available services (IMAP, IMAP-SSL, POP3, POP3-SSL) are running, and must explicitly enabled in the dovecot.conf file. Furthermore, the pop3 daemon needs to have its UIDL format set in the configuration file, without which it will automatically exit when a user connects. This isn't documented in the README.Debian file, though.
Despite this minor problem, it took me only a further ten minutes to build a working SMTP and POP/IMAP server that worked perfectly with Mozilla Thunderbird and Outlook Express.
It's a shame that neither spamassassin nor clamav have been provided on the CD, as they are almost essential in today's internet environment. Both of these tools are available in the online Ubuntu repository, but unfortunately they are in the unsupported Universe section.
Databases
Most modern sites will require the use of some sort of relational database, and Ubuntu certainly does not hold back in that department. It supports the two most popular open source database systems, Mysql (5.0.21) and PostgreSQL (8.1.3), and for situations with more modest hardware requirements, sqlite libraries are available.
MySQL is compiled with big-table support (tables with more than 4G rows), raid support, InnoDB, the CSV storage engine, the federated storage engine and NDB cluster, amongst other things. Importantly, Ubuntu server has been certified for MySQL, although there's no indication if this is referring to the MySQL packages that come with Ubuntu, or if it's just the platform that is certified to work with packages built by MySQL AB.
PostgreSQL doesn't have quite the wide range of backend options that MySQL has, but nevertheless is also a good choice for a database system. Upon installation, the server is run automatically, listening only to the machine's loopback address.
Network Applications
Should you wish to use your Ubuntu system to manage an internal desktop network, there is Samba for fileserving, ISC DHCPd for network management, CUPS for printer handling and OpenLDAP to manage single sign-on.
vsftpd comes pre-configured to be an anonymous ftp server and actively rejects non-anonymous connections. At first I thought this to be strange, but it then occurred to me that no-one should be using ftp for transfer anymore. This was the first time I've encountered vsftpd, having previously been using first wu-ftpd, then proftpd and finally pureftpd. According to the documentation, vsftpd has been designed with security in mind; hopefully this continues to be true. Configuration of the server is quite straightforward, consisting of a single configuration file.
The supplied version of OpenLDAP is 2.2.26, which is from a fairly old OpenLDAP line. It's a shame that the current supported release version of OpenLDAP (2.3) isn't included in the distribution. It has been compiled with all modules as dynamic shared libraries, syslog and IPv6 support and with a number of backends included, BDB, HDB, LDBM, LDAP, Perl, shell and SQL, just to name a few.
Upon first installation of slapd, the only question asked is for an administration password. The installer automatically determines the base DN from the system's domain name, and then creates a slapd.conf file and initial database. Should the administrator want more flexibility, then running "dpkg-reconfigure slapd" will re-configure the package and ask quite a few more questions, such as the name of the administration bind DN, whether LDAPv2 is to be used, and so forth.
Anyone looking to replace their problematic Windows servers, or just wishing to serve a number of Windows client machines, will undoubtedly want to look at Samba. There's little in the way of default configuration provided with the Ubuntu server package; all it appears to do is advertise itself in the MSHOME workgroup. Fortunately, the swat web-based configuration tool is part of Ubuntu server; this tool makes the Samba's smb.conf file, with its huge number of options, considerably less difficult to build.
The version of Samba released with Ubuntu Server is 3.0.23, and this has support for SMB file and print sharing, domain controlling (both primary and backup), LDAP authentication, and also the winbind service, which allows Unix users and groups to be resolved to a Windows NT server.
DHCP support is provided by way of the ISC DHCPd (version 3.0.3). It needed a bit of manual intervention to get it going; for fairly obvious reasons, the server isn't going to know which interfaces that DHCP servers should be run on, so the user has to specify this, amongst other things.
Ubuntu can turn your server into a site-wide print server, using CUPS 1.2. This huge program is pretty much the swiss-army knife of print systems; it can accept print jobs from the local command line using both BSD and System V interfaces, it can accept print jobs from the network using the Internet Printing Protocol, LPR and, using Samba, via Windows networking. It can send print jobs out to remote printers via IPP, LPR and, again using Samba, Windows networking. Furthermore, it has drivers for hundreds of printers.
Most business networks will require the use of a proxy server, generally to handle outgoing requests, reducing bandwidth by caching pages where possible; or as a web-accelerator, caching static pages and passing dynamic requests onto internal servers. While Apache can do much of this, Ubuntu also provides a dedicated proxy server, Squid. Squid arrives all configured and ready to run for the localhost only, and the user must manually modify the configuration to allow local networks to access it. A few patches have been applied to the package, but none of these change the behavior of the proxy noticably.
Ubuntu uses ISC Bind as its nameserver. The default configuration, upon installation, has it acting as a caching server only. Disappointingly, the server is wide open to the world; anyone with network access to the server's port 53 can use it to look up names. I consider this a security issue, given Bind's history of problems; it would be preferable for it to be bound only to the server's loopback address at install time, and then force the user to explicitely allow external networks to access it.
If you found this article helpful, consider making a donation to offset the costs of running this server, to one of these addresses: