Boston University Linux

BU Linux 4.5 Server Edition (Zodiac) is now available! Download the Zodiac boot CD image and burn it to a CD-R. Make sure to use your CD-writing software's "burn from ISO image" or "create from disc image" feature — don't just put the file on the disc.

The server edition of BU Linux provides a modern, stable, and robust server platform suitable for long-term deployment in many roles throughout the university. Like all versions of BU Linux, it features an easy installation process, integration with the Boston University networking environment, and automated security updates.

Release Notes

Welcome to BU Linux 4.5 Server Edition (Zodiac)

Previous releases of BU Linux were designed as completely general-purpose operating systems, suitable for diverse tasks from graphics workstation to lab machine to web server to supercomputer compute node. This year, we've split BU Linux into two branches. This release is Zodiac, a server-oriented OS designed to be stable and supported until 2010. Earlier this summer, we released Velouria, a desktop-oriented release designed to provide the latest and greatest end-user software.

Since working with the newest hardware and providing current GUI applications is a priority for desktop systems, the Velouria release will be supported for two years and then retired in August 2007. This short lifespan is necessary to keep up with the latest developments in the Linux world, but isn't acceptable for most server use, so the Zodiac release is based on the enterprise-class CentOS distribution and will be supported through August 2010.

Supported Hardware

Currently, only i686-class machines are supported. This includes almost everything from Intel's Pentium Pro on. AMD64 and Intel EM64T systems will work fine using their 32-bit mode. Watch for a 64-bit version later this summer.

Specific Notes on Server Applications

Mail Server:

BU Linux 4.5 Server Edition (Zodiac) includes three different choices of Mail Transfer Agent (MTA) for your mail server. Each of these open source servers has its unique strengths, and you can install one or more and use the utility system-switch-mail to choose which is active.

The default is IBM's Postfix, which is designed from scratch to be secure and easily configurable. On a newly-installed BU Linux machine, Postfix is configured to exchange mail on the local machine and to send mail out to other systems, but not receive mail from the network. For this reason, outgoing mail from global BU accounts (those matching valid BU login names and with the proper UID) will appear to come from @bu.edu rather than @hostname.bu.edu. Local users (including system accounts) will retain the hostname, but without reconfiguration, any replies will bounce. Changing the system to accept mail is easy; see the BU Linux web site for details.

For the maximum flexibility and for compatibility with existing configurations (and with existing expertise), we also include the traditional standard Sendmail. And, if you have particular special needs, you may find that the new Exim MTA fits your situation best.

No matter which MTA you choose, please contact us if you need any assistance. With so many options available, the situation can be confusing, and it's unfortunately easy for an accidentally misconfigured system to become a target for spam relayers. We have significant expertise at configuring both Postfix and Sendmail in a variety of situations, and will be glad to help.

FTP Server:

This release of BU Linux provides two options for FTP. The first is vsftpd, which is designed to be simple and secure. This is the most appropriate for almost all situations, but if you require more power and flexibility, we also include ProFTPd, which has many more options and a configuration syntax similar to that of the Apache web server.

Please also remember that FTP is an insecure protocol and that any passwords used travel over the network in plain text. For this reason, it's best to avoid anything but anonymous FTP. For user-authenticated file transfer, use SSH and SFTP. (SFTP is provided by the OpenSSH server and enabled by default.)

Web Server:

The web server software included in BU Linux is the industry-standard Apache httpd. We also include PHP 4.3 and many other useful tools for building a web server.

If you need to provide authenticated access to web services to BU users, please contact us and we will provide you with our University-standard Weblogin module. This provides a powerful and flexible means of single-signon access control for the BU user community and we want to make it as easy as possible for you to provide this for your users.

Database Server:

BU Linux includes MySQL 4.1 and PostgreSQL 7.4. For less demanding SQL applications, we also provide SQLite 3, which provides simple SQL databases without the management overhead of running a SQL server.

Using Zodiac as a Desktop Workstation

Although this isn't a design goal or a primary focus of this BU Linux release, it is possible to install and run a graphical desktop environment on Zodiac. The BU Linux web site will have detailed instructions for doing this.

For actual server use, running a graphical desktop is highly discouraged. General "best practices" for security include running only the minimum software required to provide the needed services, and the inherently large and complicated graphical desktop environment runs counter to this principle.

This doesn't mean you must forgo convenient GUI configuration and management tools, however. These can still be installed and run over the network securely via an SSH tunnel. Simply use SSH to connect from your desktop system to the server, and type the name of the command you want to run. The program will execute on the server but display on your desktop system — keeping the server more secure and enabling you to work from the comfort of your office.

Automatic Updates and Software Package Management

Unfortunately, there is currently no good GUI tool for yum. We are tracking the development of several potential candidates and hope to add this later. Fortunately, the command-line interface for yum is simple and well-documented.

Our previous automatic update system, aptomatic, has been replaced with a yum-based system called simply bulinux-autoupdate. This system can be configured to provide notification of new updates but not install them automatically by changing config parameters in the file /etc/sysconfig/bulinux-autoupdate — see that file for details. However, we highly recommend leaving automatic updates in place for almost all desktop systems; it will greatly reduce the amount of work you'll need to do, and the chance of a machine being compromised due to unapplied updates is greater than the risk of a bad update, as all of our updates go through a quality assurance process before release.

The BU modified version of useradd — the longstanding useradd -K — is gone. Instead, the replacement add-bu-user provides the same functionality. The new program uses a Python-based directory service backend identical to that used in the graphical user management tool. This provides us with a cleaner and more robust codebase, making updates and future upgrades simpler.

Many people will remember that OpenAFS did not function properly with BU Linux 4.0 (Bossanova) when that was released. This is no longer an issue and OpenAFS is fully-supported.