tja
August 15th, 2006, 02:56 PM
this post describes how to set up a teamspeak server daemon on Ubuntu.
(any corrections welcome !)
be aware ...
that teamspeak server is a foreign (not GPL'ed) binary program that may (or may not) imply security constraints on your system, especially if your sys is (as likely for a teamspeak-server) exposed to the internet (see below for strategies to reduce risks).
that your usage of the teamspeak server binary is bound to the licensing terms of "TeamSpeak Systems".
k, after all that "youre-on-your-own"-chitchat lets start this.
Prerequisites:
seems to work "out-of-the-box" on a Ubuntu-Server (with LAMP) installation, should work on Ubuntu Desktop too.
teamspeak server archive from http://www.goteamspeak.com/, go down to TeamSpeak 2 Server (RC2) 2.0.20.1 (see Download if you use Ubuntu Server)
Download:
first step is to download the archive. if your Ubuntu Server is hosted on the net like mine there is an easy ways to do this.
use the browser on your desktop machine and just click yourself thru the teamspeak-site till you reach the license page, go to the bottom and
right-click I AGREE and copy the link into your clipboard,
go to your (ssh-ed) terminal session,
enter wget ",
insert the copied url,
enter ",
you'll get a commandline roughly like wget "ftp://ftp.freenet.de/pub/4players/teamspeak.org/releases/ts2_server_rc2_20201.tar.bz2",
<RETURN> and wget downloads the archive, voila
Installation:
now its time to install the software to its final path and to create an account for the daemon (in the shell you will see your own username instead of "user" and your own server name instead of "server").
unpack the archive
user@server:~$ tar xvjf ts2_server_rc2_20201.tar.bz2
move the unpacked directory with the teamspeak software to /opt
user@server:~$ sudo mv tss2_rc2/ /opt
for secuity reasons you should not run - under no circumstances, not even to test it - the teamspeak server binary as root. so lets create an user who will run our daemon.
user@server:~$ sudo adduser teamspeak
Password:
Adding user `teamspeak'...
Adding new group `teamsp' (1001).
Adding new user `teamspeak' (1001) with group `teamspeak'.
Creating home directory `/home/teamspeak'.
Copying files from `/etc/skel'
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for teamspeak
Enter the new value, or press ENTER for the default
Full Name []: TeamSpeak Daemon Runner
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
the password will not matter but to be paranoid we use a long and fairly complicated one.
the teamspeak server will store some files in the /opt/tss2_rc2 directory but otherwise just need read and executable rights on the files there, so we will just change ownership of the directory itself
user@server:~$ sudo chown teamspeak /opt/tss2_rc2
and let the other files there untouched (they should be owned by the user you use to access the server by now).
we dont want to let our teamspeak user log in interactively so we will change his log-in shell to /bin/false
sudo usermod -s /bin/false teamspeak
lets recheck everything we made so far:
first the teamspeak software directory:
user@server:~$ ls -la /opt/tss2_rc2/
total 1520
drwxr-xr-x 7 teamspeak user 4096 2006-08-15 10:08 .
drwxr-xr-x 3 root root 4096 2006-08-14 17:50 ..
-rw-r--r-- 1 user user 11391 2004-03-09 12:40 changelog.txt
drwxr-xr-x 4 user user 4096 2004-03-09 12:41 httpdocs
-rw-r--r-- 1 user user 2546 2004-03-09 12:40 INSTALL
-rw-r--r-- 1 user user 2577 2004-03-10 01:38 INSTALL.mysql
-rw-r--r-- 1 user user 234289 2004-03-09 12:40 libsqlmy.so
drwxr-xr-x 2 user user 4096 2004-03-09 12:41 Manual
-rw-r--r-- 1 user user 353 2004-03-09 12:40 manual.html
drwxr-xr-x 2 user user 4096 2004-03-09 13:04 mysql_sql
-rw-r--r-- 1 user user 4040 2004-03-09 12:40 README
-rwxr-xr-x 1 user user 941456 2004-03-09 12:40 server_linux
-rw-r--r-- 1 user user 251908 2004-03-09 12:40 sqlite.so
drwxr-xr-x 2 user user 4096 2004-03-09 13:04 sqlite_sql
drwxr-xr-x 2 user user 4096 2004-03-09 12:42 tcpquerydocs
-rwxr-xr-x 1 user user 2465 2004-03-09 12:40 teamspeak2-server_startscript
everything ok - we own the files but the teamspeak user is the owner of the directory.
now the teamspeak users account:
user@server:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
...
teamspeak:x:1001:1001:,,,:/home/teamspeak:/bin/false
ok, the teamspeak user is not able to log on interactively.
Initial Start and Setup:
lets start the teamspeak server first time, test it and configure access to it.
start the daemon first time. we will use a tool called start-stop-daemon for it:
user@server:~$ sudo start-stop-daemon --chuid teamspeak --chdir /opt/tss2_rc2 --start --exec /opt/tss2_rc2/server_linux
you should see your server now in the process list:
user@server:~$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.4 1564 528 ? S 10:07 0:00 init [2]
...
1001 3610 0.0 1.4 45280 1796 ? Sl 10:07 0:03 /opt/tss2_rc2/server_linux
remember 1001 is the UID (User ID) of the user teamspeak (somebody know why he wrote the UID instead of "teamspeak" ???)
if you point your web browser to the hosts ip address (or dns-name if you have one) followed by the port 14534 like
http://<server's ip>:14534/
you should get the web-interface of the teamspeak server.
to configure the servers appearance (name, number of users etc) you need to log-on as superadmin - but whats the password ? you will find it in the newly created server log-file:
user@server:~$ cat /opt/tss2_rc2/server.log
---------------------------------------------------------------
-------------- log started at 14-08-06 18:11 -------------
---------------------------------------------------------------
14-08-06 18:11:29,ALL,Info,server, Server init initialized
14-08-06 18:11:29,ALL,Info,server, Server version: 2.0.20.1 Linux
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_servers
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_server_privileges
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_channels
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_channel_privileges
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_clients
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_bans
14-08-06 18:11:29,ALL,Info,server, Starting VirtualServer id:1 with port:8767
14-08-06 18:11:29,WARNING,Info,SERVER, Default VirtualServer created
14-08-06 18:11:29,WARNING,Info,SERVER, admin account info: username: admin password: apapap
14-08-06 18:11:29,WARNING,Info,SERVER, superadmin account info: username: superadmin password: sapsap
14-08-06 18:11:30,ALL,Info,server, Server init finished
14-08-06 18:11:30,WARNING,Info,server, TeamSpeak Server daemon activated
for example the teamspeak server generated the superadmin-password "sapsap". go to "superadmin login", log on with user "superadmin" and the password from the logfile and configure your teamspeak server.
at least set the server name, the number of allowed users and create one user for yourself with admin rights.
for further infos consult the documentation on the teamspeak-site, as this is beyond the scope of this how-to.
check if teamspeak works, log on with your teamspeak client and your just created admin-user.
stop your teamspeak server again with the help of start-stop daemon:
sudo start-stop-daemon --chuid teamspeak --chdir /opt/tss2_rc2 --stop --exec /opt/tss2_rc2/server_linux
Securing and Logging:
for security reasons we want to disable the web-interface and tie down the server-logfile (with the admins/superadmins passwords !).
turn off the servers web-interface is accomplished thru editing the server.ini file in /opt/tss2_rc2. we use vi for example:
user@server:~$ sudo vi /opt/tss2_rc2/server.ini
we edit the line HTTPServer Enabled=1 and replace the 1 with 0.
while we are at it we change the logging parameters to get more infos in the logfile. replace all 0 in the log-section with 1.
[Main Config]
...
HTTPServer Port=14534
HTTPServer Enabled=0
...
[log]
access_r=1
access_u=1
channel_registerred=1
channel_unregisterred=1
sa=1
chat=1
kick_server=1
kick_channel=1
change the rights on the server-logfile that nobody despite root and the teamspeak-user can read it.
user@server:~$ sudo chmod 600 /opt/tss2_rc2/server.log
you could recheck if everything works as expected by starting the teamspeak-daemon with the start-stop-daemon-commands above. the web-interface shouldnt be reachable anymore and you should get more logging in the server.log-file - you will need sudo to view this file now.
Starting the daemon at boot-time:
we want to start the teamspeak server at boot and stop it on shutdown.
i just modified a copy of /etc/init.d/skeleton for this purpose:
#! /bin/sh
### BEGIN INIT INFO
# Provides: teamspeak
# Required-Start: networking
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: S 0 1 6
# Short-Description: TeamSpeak Server Daemon
# Description: Starts/Stops/Restarts the TeamSpeak Server Daemon
### END INIT INFO
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="TeamSpeak Server"
NAME=teamspeak
USER=teamspeak
DIR=/opt/tss2_rc2
DAEMON=$DIR/server_linux
#PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
d_start() {
start-stop-daemon --start --quiet \
--chuid $USER \
--chdir $DIR \
--exec $DAEMON \
> /dev/null \
|| echo -n " already running"
}
d_stop() {
start-stop-daemon --stop --quiet \
--chuid $USER \
--chdir $DIR \
--exec $DAEMON \
|| echo -n " not running"
}
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
d_start
echo "."
;;
stop)
echo -n "Stopping $DESC: $NAME"
d_stop
echo "."
;;
restart|force-reload)
echo -n "Restarting $DESC: $NAME"
d_stop
sleep 15
d_start
echo "."
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
exit 3
;;
esac
exit 0
put this (via sudo) into a file named /etc/init.d/teamspeak.
(EDIT)use chown root:root /etc/init.d/teamspeak and chmod 775 /etc/init.d/teamspeak to set the right permission (see below cazsans post (http://www.ubuntuforums.org/showpost.php?p=1453104&postcount=4) - thx cazsan)(/EDIT)
sudo /etc/init.d/teamspeak start should now start the daemon while sudo /etc/init.d/teamspeak stop should stop it.
put the daemon into the service-levels via symbolic links:
cd /etc/rc0.d
sudo ln -s ../init.d/teamspeak K21teamspeak
cd /etc/rc1.d
sudo ln -s ../init.d/teamspeak K21teamspeak
cd /etc/rc2.d
sudo ln -s ../init.d/teamspeak S21teamspeak
cd /etc/rc3.d
sudo ln -s ../init.d/teamspeak S21teamspeak
cd /etc/rc4.d
sudo ln -s ../init.d/teamspeak S21teamspeak
cd /etc/rc5.d
sudo ln -s ../init.d/teamspeak S21teamspeak
cd /etc/rc6.d
sudo ln -s ../init.d/teamspeak K21teamspeak
Further Security and advanced Paranoia:
if your server runs other (mission-critical) services and/or you are paranoid (as i am) you could do several things:
run the teamspeak daemon inside an chroot'ed environment
run the teamspeak daemon in his own VM via VMWare-Server
i've done both, the former for some years and the later for some months and i didnt run into security problems (or didnt see any so this is no proof). i will write an article about my current setup later.
so, have fun.
(any corrections welcome !)
be aware ...
that teamspeak server is a foreign (not GPL'ed) binary program that may (or may not) imply security constraints on your system, especially if your sys is (as likely for a teamspeak-server) exposed to the internet (see below for strategies to reduce risks).
that your usage of the teamspeak server binary is bound to the licensing terms of "TeamSpeak Systems".
k, after all that "youre-on-your-own"-chitchat lets start this.
Prerequisites:
seems to work "out-of-the-box" on a Ubuntu-Server (with LAMP) installation, should work on Ubuntu Desktop too.
teamspeak server archive from http://www.goteamspeak.com/, go down to TeamSpeak 2 Server (RC2) 2.0.20.1 (see Download if you use Ubuntu Server)
Download:
first step is to download the archive. if your Ubuntu Server is hosted on the net like mine there is an easy ways to do this.
use the browser on your desktop machine and just click yourself thru the teamspeak-site till you reach the license page, go to the bottom and
right-click I AGREE and copy the link into your clipboard,
go to your (ssh-ed) terminal session,
enter wget ",
insert the copied url,
enter ",
you'll get a commandline roughly like wget "ftp://ftp.freenet.de/pub/4players/teamspeak.org/releases/ts2_server_rc2_20201.tar.bz2",
<RETURN> and wget downloads the archive, voila
Installation:
now its time to install the software to its final path and to create an account for the daemon (in the shell you will see your own username instead of "user" and your own server name instead of "server").
unpack the archive
user@server:~$ tar xvjf ts2_server_rc2_20201.tar.bz2
move the unpacked directory with the teamspeak software to /opt
user@server:~$ sudo mv tss2_rc2/ /opt
for secuity reasons you should not run - under no circumstances, not even to test it - the teamspeak server binary as root. so lets create an user who will run our daemon.
user@server:~$ sudo adduser teamspeak
Password:
Adding user `teamspeak'...
Adding new group `teamsp' (1001).
Adding new user `teamspeak' (1001) with group `teamspeak'.
Creating home directory `/home/teamspeak'.
Copying files from `/etc/skel'
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for teamspeak
Enter the new value, or press ENTER for the default
Full Name []: TeamSpeak Daemon Runner
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
the password will not matter but to be paranoid we use a long and fairly complicated one.
the teamspeak server will store some files in the /opt/tss2_rc2 directory but otherwise just need read and executable rights on the files there, so we will just change ownership of the directory itself
user@server:~$ sudo chown teamspeak /opt/tss2_rc2
and let the other files there untouched (they should be owned by the user you use to access the server by now).
we dont want to let our teamspeak user log in interactively so we will change his log-in shell to /bin/false
sudo usermod -s /bin/false teamspeak
lets recheck everything we made so far:
first the teamspeak software directory:
user@server:~$ ls -la /opt/tss2_rc2/
total 1520
drwxr-xr-x 7 teamspeak user 4096 2006-08-15 10:08 .
drwxr-xr-x 3 root root 4096 2006-08-14 17:50 ..
-rw-r--r-- 1 user user 11391 2004-03-09 12:40 changelog.txt
drwxr-xr-x 4 user user 4096 2004-03-09 12:41 httpdocs
-rw-r--r-- 1 user user 2546 2004-03-09 12:40 INSTALL
-rw-r--r-- 1 user user 2577 2004-03-10 01:38 INSTALL.mysql
-rw-r--r-- 1 user user 234289 2004-03-09 12:40 libsqlmy.so
drwxr-xr-x 2 user user 4096 2004-03-09 12:41 Manual
-rw-r--r-- 1 user user 353 2004-03-09 12:40 manual.html
drwxr-xr-x 2 user user 4096 2004-03-09 13:04 mysql_sql
-rw-r--r-- 1 user user 4040 2004-03-09 12:40 README
-rwxr-xr-x 1 user user 941456 2004-03-09 12:40 server_linux
-rw-r--r-- 1 user user 251908 2004-03-09 12:40 sqlite.so
drwxr-xr-x 2 user user 4096 2004-03-09 13:04 sqlite_sql
drwxr-xr-x 2 user user 4096 2004-03-09 12:42 tcpquerydocs
-rwxr-xr-x 1 user user 2465 2004-03-09 12:40 teamspeak2-server_startscript
everything ok - we own the files but the teamspeak user is the owner of the directory.
now the teamspeak users account:
user@server:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
...
teamspeak:x:1001:1001:,,,:/home/teamspeak:/bin/false
ok, the teamspeak user is not able to log on interactively.
Initial Start and Setup:
lets start the teamspeak server first time, test it and configure access to it.
start the daemon first time. we will use a tool called start-stop-daemon for it:
user@server:~$ sudo start-stop-daemon --chuid teamspeak --chdir /opt/tss2_rc2 --start --exec /opt/tss2_rc2/server_linux
you should see your server now in the process list:
user@server:~$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.4 1564 528 ? S 10:07 0:00 init [2]
...
1001 3610 0.0 1.4 45280 1796 ? Sl 10:07 0:03 /opt/tss2_rc2/server_linux
remember 1001 is the UID (User ID) of the user teamspeak (somebody know why he wrote the UID instead of "teamspeak" ???)
if you point your web browser to the hosts ip address (or dns-name if you have one) followed by the port 14534 like
http://<server's ip>:14534/
you should get the web-interface of the teamspeak server.
to configure the servers appearance (name, number of users etc) you need to log-on as superadmin - but whats the password ? you will find it in the newly created server log-file:
user@server:~$ cat /opt/tss2_rc2/server.log
---------------------------------------------------------------
-------------- log started at 14-08-06 18:11 -------------
---------------------------------------------------------------
14-08-06 18:11:29,ALL,Info,server, Server init initialized
14-08-06 18:11:29,ALL,Info,server, Server version: 2.0.20.1 Linux
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_servers
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_server_privileges
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_channels
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_channel_privileges
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_clients
14-08-06 18:11:29,WARNING,Info,SQL, created table ts2_bans
14-08-06 18:11:29,ALL,Info,server, Starting VirtualServer id:1 with port:8767
14-08-06 18:11:29,WARNING,Info,SERVER, Default VirtualServer created
14-08-06 18:11:29,WARNING,Info,SERVER, admin account info: username: admin password: apapap
14-08-06 18:11:29,WARNING,Info,SERVER, superadmin account info: username: superadmin password: sapsap
14-08-06 18:11:30,ALL,Info,server, Server init finished
14-08-06 18:11:30,WARNING,Info,server, TeamSpeak Server daemon activated
for example the teamspeak server generated the superadmin-password "sapsap". go to "superadmin login", log on with user "superadmin" and the password from the logfile and configure your teamspeak server.
at least set the server name, the number of allowed users and create one user for yourself with admin rights.
for further infos consult the documentation on the teamspeak-site, as this is beyond the scope of this how-to.
check if teamspeak works, log on with your teamspeak client and your just created admin-user.
stop your teamspeak server again with the help of start-stop daemon:
sudo start-stop-daemon --chuid teamspeak --chdir /opt/tss2_rc2 --stop --exec /opt/tss2_rc2/server_linux
Securing and Logging:
for security reasons we want to disable the web-interface and tie down the server-logfile (with the admins/superadmins passwords !).
turn off the servers web-interface is accomplished thru editing the server.ini file in /opt/tss2_rc2. we use vi for example:
user@server:~$ sudo vi /opt/tss2_rc2/server.ini
we edit the line HTTPServer Enabled=1 and replace the 1 with 0.
while we are at it we change the logging parameters to get more infos in the logfile. replace all 0 in the log-section with 1.
[Main Config]
...
HTTPServer Port=14534
HTTPServer Enabled=0
...
[log]
access_r=1
access_u=1
channel_registerred=1
channel_unregisterred=1
sa=1
chat=1
kick_server=1
kick_channel=1
change the rights on the server-logfile that nobody despite root and the teamspeak-user can read it.
user@server:~$ sudo chmod 600 /opt/tss2_rc2/server.log
you could recheck if everything works as expected by starting the teamspeak-daemon with the start-stop-daemon-commands above. the web-interface shouldnt be reachable anymore and you should get more logging in the server.log-file - you will need sudo to view this file now.
Starting the daemon at boot-time:
we want to start the teamspeak server at boot and stop it on shutdown.
i just modified a copy of /etc/init.d/skeleton for this purpose:
#! /bin/sh
### BEGIN INIT INFO
# Provides: teamspeak
# Required-Start: networking
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: S 0 1 6
# Short-Description: TeamSpeak Server Daemon
# Description: Starts/Stops/Restarts the TeamSpeak Server Daemon
### END INIT INFO
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="TeamSpeak Server"
NAME=teamspeak
USER=teamspeak
DIR=/opt/tss2_rc2
DAEMON=$DIR/server_linux
#PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
d_start() {
start-stop-daemon --start --quiet \
--chuid $USER \
--chdir $DIR \
--exec $DAEMON \
> /dev/null \
|| echo -n " already running"
}
d_stop() {
start-stop-daemon --stop --quiet \
--chuid $USER \
--chdir $DIR \
--exec $DAEMON \
|| echo -n " not running"
}
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
d_start
echo "."
;;
stop)
echo -n "Stopping $DESC: $NAME"
d_stop
echo "."
;;
restart|force-reload)
echo -n "Restarting $DESC: $NAME"
d_stop
sleep 15
d_start
echo "."
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
exit 3
;;
esac
exit 0
put this (via sudo) into a file named /etc/init.d/teamspeak.
(EDIT)use chown root:root /etc/init.d/teamspeak and chmod 775 /etc/init.d/teamspeak to set the right permission (see below cazsans post (http://www.ubuntuforums.org/showpost.php?p=1453104&postcount=4) - thx cazsan)(/EDIT)
sudo /etc/init.d/teamspeak start should now start the daemon while sudo /etc/init.d/teamspeak stop should stop it.
put the daemon into the service-levels via symbolic links:
cd /etc/rc0.d
sudo ln -s ../init.d/teamspeak K21teamspeak
cd /etc/rc1.d
sudo ln -s ../init.d/teamspeak K21teamspeak
cd /etc/rc2.d
sudo ln -s ../init.d/teamspeak S21teamspeak
cd /etc/rc3.d
sudo ln -s ../init.d/teamspeak S21teamspeak
cd /etc/rc4.d
sudo ln -s ../init.d/teamspeak S21teamspeak
cd /etc/rc5.d
sudo ln -s ../init.d/teamspeak S21teamspeak
cd /etc/rc6.d
sudo ln -s ../init.d/teamspeak K21teamspeak
Further Security and advanced Paranoia:
if your server runs other (mission-critical) services and/or you are paranoid (as i am) you could do several things:
run the teamspeak daemon inside an chroot'ed environment
run the teamspeak daemon in his own VM via VMWare-Server
i've done both, the former for some years and the later for some months and i didnt run into security problems (or didnt see any so this is no proof). i will write an article about my current setup later.
so, have fun.