Appendix D. Lotus Domino 5/6 for Linux in a secured chroot environment

First prepare the box so that the network and everything else is set up correctly.

Make sure you have the documentation available to answer your questions: Lotus Domino R5 for Linux or Lotus Domino 6 for Linux.

Create 2 additional LVs (see harddisk support):

dominobin 500 MB 
dominodata ?? GB 

Format the partitions with a journaling filesystem. My personal preference is ReiserFS, but of course you can use whatever you prefer.

mkfs.reiserfs /dev/devil-linux/dominobin
mkfs.reiserfs /dev/devil-linux/dominodata

[Caution]

Don't skimp on swap space; Lotus Domino will need it!

The next step is to create the notes user and group:

groupadd notes 
useradd -g notes -s /bin/bash -d /tmp notes 

Now we can start installing Lotus Domino.

Mount the LVs.

mkdir /opt
mkdir /var/data/ 
mount /dev/devil-linux/dominobin /opt 
mount /dev/devil-linux/dominodata /var/data 

[Note]

When you update the Server at a later time, you will have to shut down the Domino server and mount the LVs to the same mount points.

Now throw in your CD, mount your network drive, or do whatever so you have the installation files available.

For example, to mount a Windows share: smbmount //servername/share /mnt -o username=john,workgroup=domain

The installer has a problem with the long LV device names, so let's create a workaround:

mv /bin/df /bin/df.old
cat > /bin/df << "EOF"
#!/bin/bash
# Force POSIX output so each filesystem stays on one line
exec /bin/df.old -P "$@"
EOF
chmod +x /bin/df

Unpack the tar files and start the Domino Server installation:

tar -xzf Cxxxxxx.tar.gz 
cd linux 
./install 

[Important]

The data directory must be /var/data/notesdata and the program directory /opt/lotus!

You can speed things up by modifying the file script.dat (install type and notes data directory) and using the following command: ./install -script script.dat

[Note]

Install all available updates before you continue with the setup.

Copy the server ID file to /var/data/notesdata as server.id. Later, in the http setup, just specify server.id as the filename, without a path.

Now we have to fix the access rights:

chmod 600 /var/data/notesdata/server.id
chown notes:notes /var/data/notesdata/server.id

Configure the Domino Server as described in the documentation from IBM:

su - notes 
cd /var/data/notesdata 
/opt/lotus/bin/http httpsetup 

Now you have to connect with a browser to this host on port 8081 (e.g. http://my.notes.server.com:8081) and finish the configuration of the Domino Server.

When everything is finished, disable the shell for the notes user, so nobody can log in with this account: chsh -s /bin/false notes.

Now it's time to start the Domino Server for the first time:

umount /opt 
umount /var/data 
/etc/init.d/domino start 

You should soon see the Domino console on tty9 (press ALT+F9).

[Note]

The Domino Server is already running in a secured chroot environment.

You can stop the Domino server with the command: /etc/init.d/domino stop

To autostart the Domino Server after a reboot, change the following line in /etc/sysconfig/domino:

START_DOMINO=yes

Have fun with your Lotus Domino Server!

[Caution]

Make sure that all Domino directories and files are owned by notes!

Here is a script to correct the file permissions. It's a good idea to let it run at least once, because it sets better access rights than the Domino installer.

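#!/bin/bash
# Stop Domino and mount the LVs at their installation mount points
/etc/init.d/domino stop
mkdir -p /opt
mkdir -p /var/data
mount /dev/devil-linux/dominobin /opt
mount /dev/devil-linux/dominodata /var/data
# Data: files 660, directories 770, owned by notes (-exec copes with spaces in names)
find /var/data/notesdata -type f -exec chmod 660 {} +
find /var/data/notesdata -type d -exec chmod 770 {} +
chown -R notes:notes /var/data/notesdata
# Programs: owned by root, accessible to group notes only
chmod 750 /opt/lotus
chown -R root:notes /opt/lotus
# chown clears setuid bits, so make bindsock setuid root last
find /opt/lotus -name bindsock -exec chmod 4750 {} +
umount /opt
umount /var/data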
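
To confirm that the script left the trees in the state it intends, a read-only audit can list every file that deviates. The following is an added example, not part of the original Devil-Linux documentation; the function name audit_domino and the "check" argument are made up for illustration, and the rule that bindsock is the only setuid file is an assumption derived from the script above.

```sh
#!/bin/sh
# Added example: read-only audit of the layout the permission script produces.
# audit_domino DATA_DIR PROG_DIR DATA_USER DATA_GROUP PROG_USER PROG_GROUP
# Prints one line per finding. Returns 0 = clean, 1 = findings, 2 = tree missing.
audit_domino() {
    data=$1 prog=$2 duser=$3 dgroup=$4 puser=$5 pgroup=$6
    # While Domino runs, the LVs are unmounted here and both trees are absent.
    if [ ! -d "$data" ] || [ ! -d "$prog" ]; then
        echo "missing $data or $prog (are the LVs mounted?)" >&2
        return 2
    fi
    findings=$(
        # Data tree: files 660, directories 770, all owned by the Domino account.
        find "$data" -type f ! -perm 660 -exec printf 'data file mode is not 660: %s\n' {} \;
        find "$data" -type d ! -perm 770 -exec printf 'data dir mode is not 770: %s\n' {} \;
        find "$data" \( ! -user "$duser" -o ! -group "$dgroup" \) \
            -exec printf 'data owner is not %s:%s: %s\n' "$duser" "$dgroup" {} \;
        # Program tree: top directory 750, everything owned by root, group notes.
        find "$prog" -prune ! -perm 750 -exec printf 'program dir mode is not 750: %s\n' {} \;
        find "$prog" \( ! -user "$puser" -o ! -group "$pgroup" \) \
            -exec printf 'program owner is not %s:%s: %s\n' "$puser" "$pgroup" {} \;
        # bindsock is the only file the script makes setuid; flag any other.
        find "$prog" -type f -name bindsock ! -perm 4750 \
            -exec printf 'bindsock mode is not 4750: %s\n' {} \;
        find "$prog" -type f ! -name bindsock \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'unexpected setuid/setgid file: %s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Called with "check", audit the paths and accounts used on this page.
if [ "${1:-}" = "check" ]; then
    audit_domino /var/data/notesdata /opt/lotus notes notes root notes
fi
```

Run it with the Domino server stopped and the LVs mounted on /opt and /var/data, then unmount them again before starting the server.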