Chapter 14. Installing and administering Symbiosis

Table of Contents

14.1. Installing Symbiosis running on Debian 7.0 (wheezy)
14.2. Upgrading Symbiosis running on Debian 6.0 (Squeeze)
14.3. Release notes
14.4. Packages installed by Symbiosis
14.5. Systems administration and Symbiosis

Symbiosis will install well on a freshly-installed Debian 7.0 system. Currently it is only available for i386 and amd64 architectures, running on the Linux kernel.

It is designed to be as friendly as possible for beginners, whilst maintaining flexibility for more experienced systems administrators. Later in this chapter we’ll spell out a few basics to bear in mind when working with a system running Symbiosis.

14.1. Installing Symbiosis running on Debian 7.0 (wheezy)

Installing on a fresh Wheezy system is relatively simple. First, add the following to /etc/apt/sources.list.d/symbiosis.list:

# Bytemark Symbiosis Packages
deb ./
deb-src ./

Once that is in your sources, run:

apt-get update
apt-get install --install-recommends bytemark-symbiosis

At the end of this process, you should have a fully functioning Symbiosis system with all of the features documented here available to you for use.

14.2. Upgrading Symbiosis running on Debian 6.0 (Squeeze)

Debian have comprehensive release notes, of which chapter 4 covers the recommended upgrade procedure. We have provided a shorter version for this, which is immediately below:

The first thing to do is make sure that you have backups. These should be kept in /var/backups/localhost, and they should be up to date.


Any modifications you may have made to Symbiosis scripts will likely be lost during the upgrade, so you should be prepared to reapply these changes after the upgrade.

Next, alter /etc/apt/sources.list. Change all instances of the word squeeze to wheezy. If you have backports, you can remove them, and any entries for Squeeze LTS should also be removed. Then change the Symbiosis repository lines to match those shown in the previous section.

You can then proceed with the upgrade by running:

apt-get update
apt-get dist-upgrade

Questions asked during the upgrade

Q: Restart services during package upgrades without asking?
Q: The following services could not be restarted for the PAM library upgrade: pure-ftpd.
Q: Configuration file /etc/securetty modified: install the package maintainer’s version?
Q: Configuration file /etc/crontab modified: install the package maintainer’s version?
Q: What do you want to do about modified configuration file dovecot.conf??
Q: Configuration file /etc/sudoers modified: install the package maintainer’s version?
Q: Configuration file /etc/php5/apache2/php.ini.dpkg-symbiosis: install the package maintainer’s version?
Q: Configuration file /etc/phpmyadmin/ modified: install the package maintainer’s version?


Restart services during package upgrades without asking?




The following services could not be restarted for the PAM library upgrade: pure-ftpd.




Configuration file /etc/securetty modified: install the package maintainer’s version?




Configuration file /etc/crontab modified: install the package maintainer’s version?




What do you want to do about modified configuration file dovecot.conf??


install the package maintainer’s version


Configuration file /etc/sudoers modified: install the package maintainer’s version?




Configuration file /etc/php5/apache2/php.ini.dpkg-symbiosis: install the package maintainer’s version?




Configuration file /etc/phpmyadmin/ modified: install the package maintainer’s version?



If you see failures related to dovecot, refer to the release notes (Section 14.3, “Release notes”).

You may find that symbiosis-mysql symbiosis-phpmyadmin have been removed; if so, simply reinstall them:

apt-get install symbiosis-mysql symbiosis-phpmyadmin

You might get hourly php5 emails stating:

PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525+lfs/

This may be fixed by running:

apt-get remove --purge php5-suhosin

That should be everything; you may have been asked other questions if you have installed extra packages on your system - answer them as you see fit.

14.3. Release notes

This release of Symbiosis includes a number of new features that are summarised in Chapter 2, What’s new since the last release.

Backup changes

The backup regimen has changed. It is now set to 2 levels of 5 differential backups (from 3 levels of 8 differential backups) resulting in a new set of backups every 30 days, as opposed to every 584 days. Two sets of backups will be kept. This will mean that your machine will definitely need to have enough space for two full backups.

New version of Dovecot

Dovecot has undergone a major upgrade since squeeze. If you’ve tweaked your dovecot config, it may need attention. If all else fails, try removing /etc/dovecot/dovecot.conf and then running:

apt-get install -f

Command rationalisation

There have been many command changes since the original Lenny release of Symbiosis. Not all of them made much sense, so commands have moved around quite a bit to follow the pattern symbiosis-package-command. The old commands have symbolic links in place pointing to the new commands:

symbiosis-check-mailbox-password    -> symbiosis-email-check-password
symbiosis-check-ftp-password        -> symbiosis-ftpd-check-password
symbiosis-create-sites              -> symbiosis-httpd-configure
symbiosis-create-mass-hosting-sites -> symbiosis-httpd-configure
symbiosis-rotate-logs               -> symbiosis-httpd-rotate-logs
symbiosis-apache-logger             -> symbiosis-httpd-logger
symbiosis-generate-stats            -> symbiosis-httpd-generate-stats


These links will be removed in jessie.

There were also commands left over from the Lenny release. These have been removed:

symbiosis-create-ssl    -> symbiosis-httpd-configure
checkpassword           -> symbiosis-email-check-password
symbiosis_checkpassword -> symbiosis-email-check-password
firewall                -> symbiosis-firewall
firewall-whitelist      -> symbiosis-firewall-whitelist
firewall-blacklist      -> symbiosis-firewall-blacklist

14.4. Packages installed by Symbiosis

Each component that makes up Symbiosis is separately packaged as follows. Each package can be installed individually if needed.

Meta-package that pulls in the core requirements for a Symbiosis system, and as well as recommending all packages needed for a complete Symbiosis system.
Organises and configures backup2l to backup vital parts of the system, and rsync them to a remote location.
Contains the core libraries that Symbiosis uses to operate.
Provides the per-domain crontab service.
Adds automatic DNS generation and upload to the system. Ties in with the Bytemark DNS service.
Configures Exim and Dovecot for use with Symbiosis.
Maintains the iptables and ip6tables firewalls, as well as providing automatic blacklisting and whitelisting.
Configures pure-ftpd to work with Symbiosis.
Configures the Apache web server.
Adds the Bytemark Symbiosis key to apt.
Provides service monitoring.
Brings in MySQL version 5.1, and configures it to bind to all interfaces, not just localhost, for remote access.
Brings in two PAM dependencies to make the system more secure — one checks passwords and warns when they are weak, the other sets per-user temporary directories.
Brings in phpMyAdmin, and configures it to use HTTP authentication.
Adds daily automatic updates from a specified apt sources.list file.
Adds webmail functionality, using either Squirrelmail (with Avelsieve) or Roundcube.
Adds an XMPP/Jabber chat server.

14.5. Systems administration and Symbiosis

Symbiosis is an attempt to encourage best practice at all times in systems administration, whilst keeping things as simple as possible, and free of surprises. As a result there are a few general rules to bear in mind when tinkering with your system.

Use of root, and other users

As far as possible Symbiosis will discourage you from using root when logging in and configuring the system. This primarily applies to

  • Anything in the /srv/ directory
  • The firewall configuration in /etc/symbiosis/firewall

For example, if a directory in /srv is owned by a system user or group, i.e. one with a UID/GID less than 1000, then it will not show up to various tasks, including, but not limited to,

  • Email and FTP logins
  • Cron tasks in config/crontab
  • Apache logging to public/logs/
  • Mail delivery to mailboxes.

In short, try not to use root if at all possible.

However it is perfectly possible to configure separate domains in /srv/ to be owned by different users, as long as they are non-system users, i.e. ones with user IDs greater than 1000. All programs will respect these permissions.

Customising configurations

Lots of configuration on the system is automatically generated to make Symbiosis work as it does. In previous releases of Symbiosis this meant that files would get overwritten without notice. However as of the Squeeze release in February 2012 configuration files are handled more conservatively.

Two things to watch out for. If a configuration file has


written in it, then there is a high chance that any changes will be overwritten. It has to be the exact wording and spacing above for overwriting to take place, so if that sentence is removed from the configuration then it will not get overwritten.

Similarly many files are generated from templates, for example DNS and apache snippets. These will now have a checksum at the bottom of the file.

# Checksum MD5 586732ff59e60115d0ec1c4905c72773

This checksum allows Symbiosis scripts to establish if the template used to generate the snippet has changed, if the data used in the generation has changed, or if the file itself has been edited. For example if an IP address is changed by editing config/ip, then that would allow the apache snippet for that domain can be updated, as can the DNS snippet.

This also means that sysadmins can edit the templates, and allow them to regenerate, or edit the snippets themselves safe in the knowledge that their changes will not get overwritten.

Other configuration styles

The Backup2l, Dovecot, and Exim configuration files are generated not with a template, but with a collection of snippets, which are joined and checked using a Makefile. This allows extra configuration snippets to be added in to the configuration.

If it is deemed necessary, sysadmins can add extra snippets to these configurations. The basic procedure is to read the configuration file, and decide where the extra directives need to go. This is made easier by the fact that through the configuration files comments are added showing where each part comes from.

# ------------------------------------------------------------------------------
# /etc/exim4/symbiosis.d/10-acl/40-acl-check-mail/00-header
# ------------------------------------------------------------------------------

# ACL that is used after the MAIL command

# ------------------------------------------------------------------------------
# /etc/exim4/symbiosis.d/10-acl/40-acl-check-mail/90-default
# ------------------------------------------------------------------------------

# Allow anything not already denied to connect

In this example, if an extra directive were required in this ACL, then a file could be created in /etc/exim4/symbiosis.d/10-acl/40-acl-check-mail/, maybe with the filename 10-do-stuff. To create the new configuration, we’d then need to run make in /etc/exim4/. This would regenerate /etc/exim4/exim4.conf, and perform a basic syntax check. If happy with the new configuration, then exim4 could be restarted.

The equivalent Dovecot configuration is in /etc/dovecot/symbiosis.d/ which generates /etc/dovecot/dovecot.conf. The Backup2l configuration is in /etc/symbiosis/backup.d/conf.d/, which generates /etc/symbiosis/backup.d/backup2l.conf.