nixCraft FAQ Roundup – Dec 8, 2008

Posted on in Categories FAQ last updated October 30, 2008

Recently updated/posted Linux and UNIX FAQ:

=> Boot Ubuntu Linux into Rescue mode to fix system – How do I boot my Ubuntu Linux server into Rescue mode to fix system?

=> Unable to create installation source – Add directories into YaST as an installation source – I have created my own patch files on the hard drive. How do I add all those directories into Suse Linux YaST as an installation source?

=> How to uninstall GRUB – How do I uninstall GRUB using old good MS-DOS fdisk or Linux/UNIX dd command?

=> Can I run fsck or e2fsck when Linux file system is mounted? Can I run run fsck/e2fsc on a live Linux file system?

=> Configure Sendmail SSL encryption for sending and receiving email – Configure Sendmail MTA to use SSL encryption for sending/receiving email using valid SSL certificate.

=> Linux configure Network Address Translation or NAT – Old good Linux NAT!

=> Use sudo or sudoers to start, stop & restart Apache – Sudo to stop and/or restart Apache web server!

=> How to install firefox-2.0.tar.gz in Linux – I have downloaded firefox file from mozilla web site to my Linux desktop system. The name of file is firefox-2.0.tar.gz. How do I install firefox-2.0.tar.gz in Fedora Core Linux?


PHP Send Email Using Authenticated SMTP Mail Server In Real Time

Posted on in Categories Apache, Howto, lighttpd, Mail server, php, Postfix, Security, Troubleshooting last updated April 18, 2008

PHP has mail() function to send an email to users. However this mail() will not work:

=> If sendmail (or compatible binary) is not installed

=> If Apache Web server / Lighttpd running in chrooted jail

=> And your smtp server needs an authentication before sending an email

=> Or you just need to send email using PHP PEAR

In all these cases you need to use PHP PEAR’s Mail:: interface. It defines the interface for implementing mailers under the PEAR hierarchy, and provides supporting functions which are useful in multiple mailer backends. In this tip you will learn about how to send an e-mail directly to client smtp server in real time.

PHP Pear’s Mail.php is located in /usr/share/pear/ directory. Following is sample code to send an email via authenticated smtp server.

PHP send email using PHP SMTP mail Pear functions – Sample source code

Following code is well commented, you need to make necessary changes as per your setup.

/* mail setup recipients, subject etc */
$recipients = "[email protected]";
$headers["From"] = "[email protected]";
$headers["To"] = "[email protected]";
$headers["Subject"] = "User feedback";
$mailmsg = "Hello, This is a test.";
/* SMTP server name, port, user/passwd */
$smtpinfo["host"] = "";
$smtpinfo["port"] = "25";
$smtpinfo["auth"] = true;
$smtpinfo["username"] = "smtpusername";
$smtpinfo["password"] = "smtpPassword";
/* Create the mail object using the Mail::factory method */
$mail_object =& Mail::factory("smtp", $smtpinfo);
/* Ok send mail */
$mail_object->send($recipients, $headers, $mailmsg);

Sending smtp email from chrooted Apache or Lighttpd webserver

Read following section, if you are running a secure chrooted Apache or Lighttpd web server. I have already written about setting php mail() function in chrooted jail. If you are using chrooted jail server setup, copy all files from /usr/share/pear directory to /chroot-directory/usr/share/pear directory. For example if lighttpd chrooted jail located in /webroot directory, you need to type following commands to install PHP pear support:
# mkdir -p /webroot/usr/share/pear
# cd /webroot/usr/share/pear
# cp -avr /usr/share/pear .

If PHP SAFE MODE is on, you must set /webroot/usr/share/pear directory permission to webserver username to allow access. Otherwise you will see error as follows:

1-Nov-2006 09:43:19] PHP Warning:  main(): SAFE MODE Restriction in effect.  The script whose uid is 506 is not allowed to access /usr/share/pear/PEAR.php owned by uid 0 in /usr/share/pear/Mail.php on line 636.

So if webserver username is lighttpd or apache use following command to setup correct ownership:
# chown lighttpd:lighttpd /webroot/usr/share/pear -ROR# chown apache:apache /webroot/usr/share/pear -R

You may also find modified wordpress WP-ContactForm plugin useful. It is a drop in form for users to contact you. It can be implemented on a page or a post. Original authored by Ryan Duff, which use php mail() function to send email. I have modified the same to send email via my ISP authenticated gateway using PHP PEAR’s Mail:: interface :D

Change Linux or UNIX system password using PHP script

Posted on in Categories Apache, lighttpd, php, Shell scripting last updated November 16, 2013

If you just wanted to change your own password or other user passwords use passwd command.

I was asked to setup a PHP based interface to change the password. Since my knowledge of php is limited. Here is what I did:

Warning: This is an outdated and insecure information. Please see the official document for more information. You have been warned to ignore this post.

Required tools/setup:

You must have following tools/software installed

=> Shell script to change password

=> Sudo access

=> Apache or Lighttpd web server

=> PHP server side

Step # 1: Setup a shell script to change password

This shell script use expect tool to change the password (see more about expect tool here).

Sample shell script code

# \
exec expect -f "$0" ${1+"$@"}
set password [lindex $argv 1]
spawn passwd [lindex $argv 0]
sleep 1
expect "assword:"
send "$password\r"
expect "assword:"
send "$password\r"
expect eof

You can execute this script as follows (dowload link):
$ chpasswd username password

Download script and copy to your webroot or location where webserver can read this script file:
$ cp chpasswd /var/www/

ALTERNATIVELY, if you are using Ligtttpd web server:
$ cp chpasswd /home/lighttpd

Step # 2: Setup sudo to execute a command as root user

Apache or Lighttpd web server drops root privileges as soon as they go into background. This makes changing password scenario difficult as passwd command needs root privileges to change other user account password.

Typically, Apache 2 use www-data user and Lighttpd use lighttppd username to drop privileges. Login as root user and type the following command:
# visudo

Now allow your web server to execute a script (chpasswd) w/o password. If you are using Apache web server, type the following command:
www-data ALL=NOPASSWD: /var/www/chpasswd

ALTERNATIVELY, if you are using Ligtttpd web server, type the following command:
lighttpd ALL=NOPASSWD: /home/lighttpd/chpasswd

Save and close the file.

Step # 3: Create a PHP based interface

Now you need to write a php script. Here is sample php script. This is a demo script. You should modify it according to your requirement or setup. At minimum, you need to setup correct shell script location so that it will work for you out of box. Open php script and locate line:
$shellscript = "sudo /home/lighttpd/chpasswd";

Change it to point to correct location. PHP Source code:

// change .. me! - shell script name
$shellscript = "sudo /home/lighttpd/chpasswd";
// Make sure form is submitted by user
if(!(isset($_POST['pwdchange']))) {
 // if not display them form
 writeHead("Change password");
else {
 // try to change the password
 // get username and password
 $_POST['username'] = stripslashes(trim($_POST['username']));
 $_POST['passwd'] = stripslashes(trim($_POST['passwd']));
// if user skip our javascript ...
// make sure we can only change password if we have both username and password
 if(empty($_POST['username'])) {
 if(empty($_POST['passwd'])) {
 if ( $callshell == true ) { 
  // command to change password 
  $cmd="$shellscript " . $_POST['username'] . " " . $_POST['passwd'];
  // call command
  // $cmd - command, $output - output of $cmd, $status - useful to find if command failed or not
   if ( $status == 0 ) { // Success - password changed
   writeHead("Password changed");
   echo '<h3>Password changed</h3>Setup a new password';
   else { // Password failed 
      writeHead("Password change failed");
      echo '<h3>Password change failed</h3>';
      echo '<p>System returned following information:</p>';
      echo '<p><em>Please contact tech-support for more info! Or try <a href='.$_SERVER['PHP_SELF'].'again</a></em></p>';
 else {
   writeHead("Something was wrong -- Please try again");
   echo 'Error - Please enter username and password';
// display html head
function writeHead($title) {
echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<title> ' .$title. '</title>
<style type="text/css" media="screen">
.passwdform {
	position: static;
	overflow: hidden;
.passwdleft {
	width: 25%;
	text-align: right;
	clear: both;
	float: left;
	display: inline;
	padding: 4px;
	margin: 5px 0;
.passwdright {
	width: 70%;
	text-align: left;
	float: right;
	display: inline;
	padding: 4px;
	margin: 5px 0;
.passwderror {
	border: 1px solid #ff0000;
.passwdsubmit {
// display html form
function writeForm() {
echo '
<h3>Use following form to change password:</h3>
function checkForm() {
if (document.forms.changepassword.elements[\'username\'].value.length == 0) {
    alert(\'Please enter a value for the "User name" field\');
    return false;
if (document.forms.changepassword.elements[\'passwd\'].value.length == 0) {
    alert(\'Please enter a value for the "Password" field\');
    return false;
  return true;
<div class="contactform">
<form action="' . $_SERVER[PHP_SELF]. '" method="post" onSubmit="return checkForm()" name="changepassword">
<div class="passwdleft"><label for="lblusername">User Name: </label></div>
<div class="passwdright"><input type="text" name="username" id="lblusername" size="30" maxlength="50" value="" /> (required)</div>
<div class="passwdleft"><label for="lblpasswd">Password: </label></div>
<div class="passwdright"><input type="password" name="passwd" id="lblpasswd" size="30" maxlength="50" value="" /> (required)</div>
<div class="passwdright"><input type="submit" name="Submit" value="Change password" id="passwdsubmit" />
<input type="hidden" name="pwdchange" value="process" /></div>
// display footer 
function writeFoot(){
echo '</body>

Step # 4: Run the script

Point a web browser to your server url – You should see a username and password form as follows:

changepassword php script output # 1

If a password is changed successfully, you should get confirmation as follows:

changepassword php script output # 2

For some reason if a password failed to change, you should get detailed error message as follows:

changepassword php script output # 3

Step # 5: Security

Note this is an example and not final solution as it is little insecure.

  • Never ever run this script over http session. Always run over https session.
  • Put script in a password protected directory (see how to setup Apache or Lighttpd web server password protected directory).
  • Never ever, trust user input. Above php script is just a sample, for real life production you should consider more powerful user input validation. Discussion regarding PHP programming security is beyond the scope of this article. You can consult a good PHP book or search a web using your favorite search engine :)

Tentakel to execute commands on multiple Linux or UNIX Servers

Posted on in Categories Automation, CentOS, Debian Linux, Download of the day, FreeBSD, Gentoo Linux, Howto, Linux, Monitoring, Networking, OpenBSD, RedHat/Fedora Linux, Sys admin, Tips, Tuning, Ubuntu Linux, UNIX last updated August 17, 2007

This is Part II in a series on Execute Commands on Multiple Linux or UNIX Servers Simultaneously. The full series is Part I, Part II, and Part III. Many times, you want to execute a command not only on one server, but also on several servers. For example, find out

  • Version of kernel
  • Version of Apache web server
  • Update static html or images files on all web servers via rsync
  • Find out user information, server information, memory usage etc
  • Security/patch checking


I have already covered how to execute commands on multiple Linux or UNIX servers via shell script. The disadvantage of script is commands do not run in parallel on all servers. However, several tools exist to automate this procedure in parallel. With the help of tool called tentakel, you run distributed command execution. It is a program for executing the same command on many hosts in parallel using ssh (it supports other methods too). Main advantage is you can create several sets of servers according requirements. For example webserver group, mail server group, home servers group etc. The command is executed in parallel on all servers in this group (time saving). By default, every result is printed to stdout (screen). The output format can be defined for each group.

How it works?

Consider the following sample setup:

admin workstation   Group                  Hosts
|----------------> www-servers        host1, host2,host3
|----------------> homeservers,

You need to install tentakel on admin workstation ( We have two group servers, first is group of web server with three host and another is homeservers with two hosts.

The requirements on the remote hosts (groups) need a running sshd server on the remote side. You need to setup ssh-key based login between admin workstation and all group servers/hosts to take full advantage of this tentakel distributed command execution method.

System requirement

Tentakel requires a working Python installation. It is known to work with Python 2.3. Python 2.2 and Python 2.1 are not supported. If you are using old version of python then please upgrade it.


Let us see howto install and configure tentakel.

Step # 1 : Download tentakel

Visit sourceforge home page to download tentakel or download RPM files from tentakel home page.

Step # 2: Install tentakel

Untar source code, enter:

# tar -zxvf tentakel-2.2.tgz

You should be root user for the install step. To install it type

# make
# make install

Step # 3 Configure groups

For demonstration purpose we will use following setup:

   admin pc                    Group           hosts
Running Debian Linux       homeservers
User: jadmin

Copy sample tentakel configuration file tentakel.conf.example to /etc directory

# cp tentakel.conf.example /etc/ tentakel.conf

Modify /etc/tentakel.conf according to above setup, at the end your file should look like as follows:

# first section: global parameters
set ssh_path="/usr/bin/ssh"
set method="ssh"  # ssh method
set user="jadmin"   # ssh username for remote servers
#set format="%d %o\n" # output format see man page
#set maxparallel="3"  # run at most 3 commands in parallel

# our home servers with two hosts
group homeservers ()
+ +

# localhost
group local ()

Save the file and exit to shell prompt. Where,
group homeservers () : Group name
+ + : Host inclusion. name is included and can be an ip address or a hostname.

Step # 4 Configure SSH password less login

Configure ssh-key based login to avoid password prompt between admin workstation and group servers for jadmin user.

Step # 5 Test tentakel

Login as jadmin and type the following command:

$ tentakel -g homeservers

interactive mode

-g groupname: Select the group groupname The group must be defined in the configuration file (here it is homeservers). If not specified tentakel implicitly assumes the default group.

At tentakel(homeservers)> prompt type command uname and uptime command as follows:

exec "uname -mrs"
exec "uptime"

Few more examples
Find who is logged on all homeservers and what they are doing (type at shell prompt)

$ tentakel -g homeservers "w"

Executes the uptime command on all hosts defined in group homeservers:

$ tentakel -g homeservers uptime

As you can see, tentakel is very powerful and easy to use tool. It also supports the concept of plugins. A plugin is a single Python module and must appear in the $HOME/.tentakel/plugins/ directory. Main advantage of plugin is customization according to your need. For example, entire web server or mysql server farm can be controlled according our requirements.
However, tentakel is not the only utility for this kind of work. There are programs that do similar things or have to do with tentakel in some way. The complete list can be found online here. tentakel should work on almost all variant of UNIX/BSD or Linux distributions.

Time is a precious commodity, especially if you’re a system administrator. No other job pulls people in so many directions at once. Users interrupt you constantly with requests, preventing you from getting anything done and putting lots of pressure on you. What do you do? The answer is time management. Read our book review of Time Management for System Administrators. Continue reading Execute commands on multiple hosts using expect tool Part III of this series.


  • Read tentakel man page for tentakel configuration options
  • tentakel home page

Update: Damon confirmed that it works on Windows too with little modification.