How to Run Commands from Standard Input Using Tee and Xargs in Linux

While using the command line, you can directly pass the output of one program (for example a tool that generates some system information or statistics) as input for another program (such as text-filtering or pattern searching tools like grep, sed or awk, for further processing), using a pipeline.

Read Also: Learn The Basics of How Linux I/O (Input/Output) Redirection Works

Two of the most important command line utilities that can be used with pipelines to build command lines are:

  • xargs – reads streams of data from standard input, then generates and executes command lines.
  • tee – reads from standard input and writes simultaneously to standard output and one or many files. It’s more of a redirection command.

In this simple article, we will describe how to build and execute multiple commands from standard input using pipes, tee and xargs commands in Linux.


The simplest syntax for using a pipe, which you might have already seen in commands in many of out Linux tutorials, is as follows. But you can build a longer command line with several commands.

$ command1 args | command2 args OR
# command1 args | command2 args | command3 args ...

Below is an example of using a pipeline to pass the output of dmesg command to head command.

$ dmesg | head
Pass Command Output to Another Command

Pass Command Output to Another Command

How to Use xargs to Run Commands

In this example, the second command converts muti-line output into single line using xargs.

$ ls -1 *.sh
$ ls -1 *.sh | xargs
Run Commands Using Xargs

Run Commands Using Xargs

To count the number of lines/words/characters in each file in a list, use the commands below.

$ ls *.sh | xargs wc -l #count number of lines in each file
$ ls *.sh | xargs wc -w #count number of words in each file
$ ls *.sh | xargs wc -c #count number of characters in each file
$ ls *.sh | xargs wc #count lines, words and characters in each file
Count File Words Using Xargs

Count File Words Using Xargs

The command below finds and recursively deletes the directory named All in the current directory.

$ find . -name "All" -type d -print0 | xargs -0 /bin/rm -rf "{}"

The find command with option -print0 action enables printing of the full directory path on the standard output, followed by a null character and -0 xargs flag deals with space in filenames.

You can find other practical xargs command usage examples in these articles:

  1. How to Copy a File to Multiple Directories in Linux
  2. Rename All Files and Directory Names to Lowercase in Linux
  3. 4 Ways to Batch Convert Your PNG to JPG and Vice-Versa
  4. 3 Ways to Delete All Files in a Directory Except One or Few Files with Extensions

How to Use Tee with Commands in Linux

This example shows how to send command output to standard output and save to a file; the command below allows you to view top running processes by highest memory and CPU usage in Linux.

$ ps -eo cmd,pid,ppid,%mem,%cpu --sort=-%mem | head | tee topprocs.txt
$ cat topprocs.txt
Save Command Output to File

Save Command Output to File

To append data in an existing file(s), pass the -a flag.

$ ps -eo cmd,pid,ppid,%mem,%cpu --sort=-%mem | head | tee -a topprocs.txt 

You can find more information in tee and xargs man pages.

$ man xargs
$ man tee

That’s all! Do not forget to check out our special article: A – Z Linux Commands – Overview with Examples.

In this article, we described how to generate command lines using pipelines; xargs and tee commands. You can ask any questions or share any thoughts via the feedback form below.

File restoration in cPanel & WHM Version 68

Version 68 was released this week, and I want to talk to you about one of the most exciting new features: As both an end-user and as a server administrator you can now restore individual files from an account backup! Let’s take a look at how it works as of version 68.

Step 1: Have available backups

Before you can restore from an account backup, you must first have backups already made. To enable backups, go in to WHM as the root user, or as a root-enabled reseller, and navigate to the Backup Configuration interface. From there you can select the backup schedule and define which users you want to have backups. Please note: the restoration feature does require locally stored backups, so make sure you select “Retain backups in the default backup directory.” if you are also storing your backups remotely.

Step 2: Restore a file

The interface is very similar in both WHM and in cPanel, so I’m just going to show you the cPanel interface here. To access your backups, navigate in cPanel to “File Restoration”. If you don’t see that option in cPanel, ask your server administrator to ensure that the “Backup Manager” feature has been added to your account.

Once you open that interface you are presented with the list of files in your backup. For example, if you wanted to restore a file from your public_html folder, you would click public_html.

Then select the file that you want to restore (index.html in our case) and you are then presented with the list of dates that you can restore that file from.

Once you choose one version to restore, you are asked to confirm before continuing.

You also get a confirmation message once the restore is complete!

In case it’s easier to watch for you, have a quick screen capture video:

When nightly account backups are taken, a file list is generated and stored in the backup folder for each account. Those file lists are used by the file restoration interfaces, allowing you to quickly and easily view the files available for restore.

For detailed information about the contents of that file, how to generate it, and how to read it, see the version 68 Documentation.

In 2018 we want to be able to update and expand this feature to include the ability to restore folders. We also have remote restorations and a more robust backup schedule on our radar. What else would you like to see? Comment below or find me on twitter and let us know what you think!

———

This post written almost entirely to my (admittedly heavy on Halsey) “don’t know how to treat me” playlist.

How to Make File and Directory Undeletable, Even By Root in Linux

‘,
enableHover: false,
enableTracking: true,
buttons: { twitter: {via: ‘tecmint’}},
click: function(api, options){
api.simulateClick();
api.openPopup(‘twitter’);
}
});
jQuery(‘#facebook’).sharrre({
share: {
facebook: true
},
template: ‘{total}’,
enableHover: false,
enableTracking: true,
click: function(api, options){
api.simulateClick();
api.openPopup(‘facebook’);
}
});
jQuery(‘#googleplus’).sharrre({
share: {
googlePlus: true
},
template: ‘{total}’,
enableHover: false,
enableTracking: true,
urlCurl: ‘https://www.tecmint.com/wp-content/themes/tecmint/js/sharrre.php’,
click: function(api, options){
api.simulateClick();
api.openPopup(‘googlePlus’);
}
});
jQuery(‘#linkedin’).sharrre({
share: {
linkedin: true
},
template: ‘{total}’,
enableHover: false,
enableTracking: true,
buttons: {
linkedin: {
description: ‘How to Make File and Directory Undeletable, Even By Root in Linux’,media: ‘https://www.tecmint.com/wp-content/uploads/2017/10/Make-File-Directory-Undeletable-in-Linux.png’ }
},
click: function(api, options){
api.simulateClick();
api.openPopup(‘linkedin’);
}
});
// Scrollable sharrre bar, contributed by Erik Frye. Awesome!
var shareContainer = jQuery(“.sharrre-container”),
header = jQuery(‘#header’),
postEntry = jQuery(‘.entry’),
$window = jQuery(window),
distanceFromTop = 20,
startSharePosition = shareContainer.offset(),
contentBottom = postEntry.offset().top + postEntry.outerHeight(),
topOfTemplate = header.offset().top;
getTopSpacing();
shareScroll = function(){
if($window.width() > 719){ var scrollTop = $window.scrollTop() + topOfTemplate,
stopLocation = contentBottom – (shareContainer.outerHeight() + topSpacing);
if(scrollTop > stopLocation){
shareContainer.offset({top: contentBottom – shareContainer.outerHeight(),left: startSharePosition.left});
}
else if(scrollTop >= postEntry.offset().top-topSpacing){
shareContainer.offset({top: scrollTop + topSpacing, left: startSharePosition.left});
}else if(scrollTop 1024)
topSpacing = distanceFromTop + jQuery(‘.nav-wrap’).outerHeight();
else
topSpacing = distanceFromTop;
}
});
]]>

How To Protect Hard and Symbolic Links in CentOS/RHEL 7

In Linux, hard and soft links are referenced to files, which are very important, if not protected very well, any vulnerabilities in them can be exploited by malicious system users or attackers.

A common vulnerability is the symlink race. It is a security vulnerability in software, that comes about when a program insecurely creates files (especially temporary files), and a malicious system user can create a symbolic (soft) link to such a file.

Read Also: How to Create Hard and Symbolic Link in Linux

This is practically happens; a program checks if a temp file exists or not, in case it doesn’t, it creates the file. But in that short period of time between checking the file and creating it, an attacker can possibly create a symbolic link to a file and he or she is not permitted to access.


So when the program runs with valid privileges creates the file with the same name as the one created by the attacker, it literally creates the target (linked-to) file the attacker was intending to access. This, hence, could give the attacker a path way to steal sensitive information from the root account or execute a malicious program on the system.

Therefore, in this article, we will show you how to secure hard and symbolic links from malicious users or hackers in CentOS/RHEL 7 distributions.

On CentOS/RHEL 7 exists a vital security feature which only permits links to be created or followed by programs only if some conditions are satisfied as described below.

For Hard Links

For a system user to create a link, one of the following conditions has to be fulfilled.

  • the user can only link to files that he or she owns.
  • the user must first have read and write access to a file, that he or she wants to link to.

For Symbolic Links

Processes are only allowed to follow links that are outside of world-writable (other users are allowed to write to) directories that have sticky bits, or one of the following has to be true.

  • the process following the symbolic link is the owner of the symbolic link.
  • the owner of the directory is also the owner of the symbolic link.

Enable or Disable Protection on Hard and Symbolic Links

Importantly, by default, this feature is enabled using the kernel parameters in the file /usr/lib/sysctl.d/50-default.conf (value of 1 means enable).

fs.protected_hardlinks = 1
fs.protected_symlinks = 1

However, for one reason or the other, if you want to disable this security feature; create a file called /etc/sysctl.d/51-no-protect-links.conf with these kernel options below (value of 0 means disable).

Take note of that 51 in the filename (51-no-protect-links.conf), it has to be read after the default file to override the default settings.

fs.protected_hardlinks = 0
fs.protected_symlinks = 0

Save and close the file. Then use the the command below to effect the above changes (this command actually loads settings from each and every system configuration file).

# sysctl --system
OR
# sysctl -p #on older systems

You might also like to read these following articles.

  1. How to Password Protect a Vim File in Linux
  2. 5 ‘chattr’ Commands to Make Important Files IMMUTABLE (Unchangeable) in Linux

That’s all! You can post your queries or share any thoughts relating to this topic via the feedback form below.

3 cPanel & WHM Add-ons For Fighting Spam Email

Being a hosting provider isn’t easy. We get that. There are many unforeseeable occurrences that can put a damper on your service — however, spam email shouldn’t be one of them. We’ve highlighted three cPanel & WHM add-ons that you can use to fight incoming spam, malware, and viruses on your server and, ultimately, offer your customers a better experience.

SpamStopsHere
SpamStopsHere is a unique, multilayer filter system that uses four criteria levels to weed out spam and malicious content, while permitting spamstopshere-email-protection-cloud1legitimate email, with a nearly 99.5% success rate. The first layer, the IP Blacklist, flags any email sent from known spam servers. The next layer scans the document for URLs associated with spam. The third layer scans it for strange phrases, rather than keywords, linked to malicious content. Finally, the last layer scans the format of the document for tricks often used by spammers to bypass normal email clients. This robust, dynamic process lessens server load and should make your customers pretty happy.

SpamStopsHere>>>

ASSP Deluxe for cPanel
ASSP (Anti-Spam SMTP Proxy) Deluxe for cPanel is a nifty plugin that eradicates spam email and the easy-to-install widget comes loaded with additional features and customizations. You can set up criterion for custom spam boxes, receive daily email reports, and tinker with a whole host of other automatable functions, cutting a fraction of your workload.

ASSP Deluxe for cPanel>>>

SpamExperts cPanel Add-on
This add-on gives cPanel users one-click access to a wide range of anti-spam solutions packaged within the SpamExperts widget. Not only does spamexpertsSpamExperts’ cPanel add-on protect domains from email-based threats, it enables hosting providers to offer custom spam-fighting tools. Using the SpamExperts plugin, you can increase security for your customers and add value to your business.

SpamExperts cPanel Add-on>>>

Browse the cPanel Application Catalog

*These are 3rd party plugins that are not managed or owned by cPanel, Inc.  Issues that may arise when using these products should be directed to the respective plugin developers.

*  This post was originally posted on June 9, 2015, and has been updated for accuracy. 


Are you a developer?

Check out the cPanel Software Development Kit and contribute to the expanding suite of tools created by brilliant minds in the cPanel community. Who knows – your widget just may become our next featured application.

10 Strace Commands for Troubleshooting and Debugging Linux Processes

strace is a powerful command line tool for debugging and trouble shooting programs in Unix-like operating systems such as Linux. It captures and records all system calls made by a process and the signals received by the process.

Read Also: How to Audit Linux Process Using ‘autrace’ on CentOS/RHEL

It displays the name of each system call together with its arguments enclosed in a parenthesis and its return value to standard error; you can optionally redirect it to a file as well.

In this article, we will explain 10 strace command examples for troubleshooting and debugging programs and processes in a Linux system.

How to Install Strace Process Monitoring Tool in Linux


If strace is not pre-installed on your Linux system, run the appropriate command below for your distribution, to install it.

$ sudo apt install strace #Debian/Ubuntu # yum install strace #RHEL/CentOS
# dnf install strace #Fedora 22+

In case a program crashes or behaves in a way not expected, you can go through its systems calls to get a clue of what exactly happened during its execution. As we will see later on, system calls can be categorized under different events: those relating to process management, those that take a file as an argument, those that involve networking, memory mapping, signals, IPC and also file descriptor related system calls.

You can either run a program/command with strace or pass a PID to it using the -p option as in the following examples.

1. Trace Linux Command System Calls

You can simply run a command with strace like this, here we are tracing of all system calls made by the df command.

$ strace df -h
execve("/bin/df", ["df", "-h"], [/* 50 vars */]) = 0
brk(NULL) = 0x136e000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82f78fd000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=147662, ...}) = 0
mmap(NULL, 147662, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f82f78d8000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1868984, ...}) = 0
mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f82f7310000
...

From the output above, you can see various types of system calls made by df command, for example.

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

Where:

  • open – is the type of system call
  • (“/etc/ld.so.cache”, O_RDONLY|O_CLOEXEC) – system call argument
  • 3 – system call return value

Below is an sample output showing the write system calls, that displays df command output on the screen.

mmap(NULL, 26258, PROT_READ, MAP_SHARED, 3, 0) = 0x7f82f78f5000
close(3) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
write(1, "Filesystem Size Used Avail"..., 49Filesystem Size Used Avail Use% Mounted on
) = 49
write(1, "udev 3.9G 0 3.9G"..., 43udev 3.9G 0 3.9G 0% /dev
) = 43
write(1, "tmpfs 788M 9.6M 779M"..., 43tmpfs 788M 9.6M 779M 2% /run
) = 43
write(1, "/dev/sda10 324G 252G 56G"..., 40/dev/sda10 324G 252G 56G 82% /
) = 40
write(1, "tmpfs 3.9G 104M 3.8G"..., 47tmpfs 3.9G 104M 3.8G 3% /dev/shm
) = 47
write(1, "tmpfs 5.0M 4.0K 5.0M"..., 48tmpfs 5.0M 4.0K 5.0M 1% /run/lock
) = 48
write(1, "tmpfs 3.9G 0 3.9G"..., 53tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
) = 53
write(1, "cgmfs 100K 0 100K"..., 56cgmfs 100K 0 100K 0% /run/cgmanager/fs
) = 56
write(1, "tmpfs 788M 36K 788M"..., 53tmpfs 788M 36K 788M 1% /run/user/1000
) = 53
close(1) = 0
close(2) = 0
exit_group(0) = ?
+++ exited with 0 +++

2. Trace Linux Process PID

If a process is already running, you can trace it by simply passing its PID as follows; this will fill your screen with continues output that shows system calls being made by the process, to end it, press [Ctrl + C].

$ sudo strace -p 3569
strace: Process 3569 attached
restart_syscall(<... resuming interrupted poll ...>) = 1
recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"U\2\24\300!\247\330\0\3\24\4\0\20\0\0\0\0\0\0\24\24\24\24\24\0\0\3\37%\2\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 32
recvmsg(4, 0x7ffee4dbf870, 0) = -1 EAGAIN (Resource temporarily unavailable)
recvmsg(4, 0x7ffee4dbf850, 0) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=10, events=POLLIN}, {fd=30, events=POLLIN}, {fd=31, events=POLLIN}], 6, -1) = 1 ([{fd=31, revents=POLLIN}])
read(31, "\372", 1) = 1
recvmsg(4, 0x7ffee4dbf850, 0) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=10, events=POLLIN}, {fd=30, events=POLLIN}, {fd=31, events=POLLIN}], 6, 0) = 1 ([{fd=31, revents=POLLIN}])
read(31, "\372", 1) = 1
recvmsg(4, 0x7ffee4dbf850, 0) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=10, events=POLLIN}, {fd=30, events=POLLIN}, {fd=31, events=POLLIN}], 6, 0) = 0 (Timeout)
mprotect(0x207faa20000, 8192, PROT_READ|PROT_WRITE) = 0
mprotect(0x207faa20000, 8192, PROT_READ|PROT_EXEC) = 0
mprotect(0x207faa21000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x207faa21000, 4096, PROT_READ|PROT_EXEC) = 0
...

3. Get Summary of Linux Process

Using the -c flag, you can generate a report of total time, calls, and errors for each system call, as follows.

$ sudo strace -c -p 3569
strace: Process 3569 attached
^Cstrace: Process 3569 detached
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
99.73 0.016000 8 1971 poll
0.16 0.000025 0 509 75 futex
0.06 0.000010 0 1985 1966 recvmsg
0.06 0.000009 0 2336 mprotect
0.00 0.000000 0 478 read
0.00 0.000000 0 13 write
0.00 0.000000 0 29 mmap
0.00 0.000000 0 9 munmap
0.00 0.000000 0 18 writev
0.00 0.000000 0 351 madvise
0.00 0.000000 0 1 restart_syscall
------ ----------- ----------- --------- --------- ----------------
100.00 0.016044 7700 2041 total

4. Print Instruction Pointer During System Call

The -i option displays the instruction pointer at the time of each system call made by the program.

$ sudo strace -i df -h
[00007f0d7534c777] execve("/bin/df", ["df", "-h"], [/* 17 vars */]) = 0
[00007faf9cafa4b9] brk(NULL) = 0x12f0000
[00007faf9cafb387] access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
[00007faf9cafb47a] mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faf9cd03000
[00007faf9cafb387] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
[00007faf9cafb327] open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
[00007faf9cafb2b4] fstat(3, {st_mode=S_IFREG|0644, st_size=147662, ...}) = 0
[00007faf9cafb47a] mmap(NULL, 147662, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7faf9ccde000
[00007faf9cafb427] close(3) = 0
[00007faf9cafb387] access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
[00007faf9cafb327] open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
[00007faf9cafb347] read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
[00007faf9cafb2b4] fstat(3, {st_mode=S_IFREG|0755, st_size=1868984, ...}) = 0
[00007faf9cafb47a] mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7faf9c716000
[00007faf9cafb517] mprotect(0x7faf9c8d6000, 2097152, PROT_NONE) = 0
...

5. Show Time of Day For Each Trace Output Line

You can also print the time of day for each line in the trace output, by passing the -t flag.

$ sudo strace -t df -h
15:19:25 execve("/bin/df", ["df", "-h"], [/* 17 vars */]) = 0
15:19:25 brk(NULL) = 0x234c000
15:19:25 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
15:19:25 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c7f1d9000
15:19:25 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
15:19:25 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
15:19:25 fstat(3, {st_mode=S_IFREG|0644, st_size=147662, ...}) = 0
15:19:25 mmap(NULL, 147662, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f8c7f1b4000
15:19:25 close(3) = 0
15:19:25 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
15:19:25 open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
15:19:25 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
15:19:25 fstat(3, {st_mode=S_IFREG|0755, st_size=1868984, ...}) = 0
15:19:25 mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8c7ebec000
15:19:25 mprotect(0x7f8c7edac000, 2097152, PROT_NONE) = 0
...

6. Print Command Time Spent in System Calls

To shows the time difference between the starting and the end of each system call made by a program, use the -T option.

$ sudo strace -T df -h
execve("/bin/df", ["df", "-h"], [/* 17 vars */]) = 0 <0.000287>
brk(NULL) = 0xeca000 <0.000035>
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) <0.000028>
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9aff2b1000 <0.000020>
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) <0.000019>
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 <0.000022>
fstat(3, {st_mode=S_IFREG|0644, st_size=147662, ...}) = 0 <0.000015>
mmap(NULL, 147662, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9aff28c000 <0.000019>
close(3) = 0 <0.000014>
...

7. Trace Only Specific System Calls

In the command below, trace=write is known as a qualifying expression, where trace is a qualifier (others include signal, abbrev, verbose, raw, read, or write). Here, write is the value of the qualifier.

The following command actually shows the system calls to print df output on standard output.

$ sudo strace -e trace=write df -h
write(1, "Filesystem Size Used Avail"..., 49Filesystem Size Used Avail Use% Mounted on
) = 49
write(1, "udev 3.9G 0 3.9G"..., 43udev 3.9G 0 3.9G 0% /dev
) = 43
write(1, "tmpfs 788M 9.6M 779M"..., 43tmpfs 788M 9.6M 779M 2% /run
) = 43
write(1, "/dev/sda10 324G 252G 56G"..., 40/dev/sda10 324G 252G 56G 82% /
) = 40
write(1, "tmpfs 3.9G 104M 3.8G"..., 47tmpfs 3.9G 104M 3.8G 3% /dev/shm
) = 47
write(1, "tmpfs 5.0M 4.0K 5.0M"..., 48tmpfs 5.0M 4.0K 5.0M 1% /run/lock
) = 48
write(1, "tmpfs 3.9G 0 3.9G"..., 53tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
) = 53
write(1, "cgmfs 100K 0 100K"..., 56cgmfs 100K 0 100K 0% /run/cgmanager/fs
) = 56
write(1, "tmpfs 788M 28K 788M"..., 53tmpfs 788M 28K 788M 1% /run/user/1000
) = 53
+++ exited with 0 +++

Here are some additional commands about trace qualifier.

$ sudo strace -e trace=open,close df -h
$ sudo strace -e trace=open,close,read,write df -h
$ sudo strace -e trace=all df -h 

8. Trace System Calls Based on a Certain Condition

Let’s look at how to trace system calls relating to a given class of events. This command can be used to trace all system calls involving process management.

$ sudo strace -q -e trace=process df -h execve("/bin/df", ["df", "-h"], [/* 17 vars */]) = 0
arch_prctl(ARCH_SET_FS, 0x7fe2222ff700) = 0
Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 788M 9.6M 779M 2% /run
/dev/sda10 324G 252G 56G 82% /
tmpfs 3.9G 104M 3.8G 3% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
cgmfs 100K 0 100K 0% /run/cgmanager/fs
tmpfs 788M 28K 788M 1% /run/user/1000
exit_group(0) = ?
+++ exited with 0 +++

Next, to trace all system calls that take a filename as an argument, run this command.

$ sudo strace -q -e trace=file df -h
execve("/bin/df", ["df", "-h"], [/* 17 vars */]) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
...

To trace all system calls involving memory mapping, type.

$ sudo strace -q -e trace=memory df -h brk(NULL) = 0x77a000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8f4658000
mmap(NULL, 147662, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fe8f4633000
mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8f406b000
mprotect(0x7fe8f422b000, 2097152, PROT_NONE) = 0
mmap(0x7fe8f442b000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c0000) = 0x7fe8f442b000
mmap(0x7fe8f4431000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fe8f4431000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8f4632000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8f4631000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8f4630000
mprotect(0x7fe8f442b000, 16384, PROT_READ) = 0
mprotect(0x616000, 4096, PROT_READ) = 0
mprotect(0x7fe8f465a000, 4096, PROT_READ) = 0
munmap(0x7fe8f4633000, 147662) = 0
mmap(NULL, 2981280, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fe8f3d93000
brk(NULL) = 0x77a000
brk(0x79b000) = 0x79b000
mmap(NULL, 619, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fe8f4657000
mmap(NULL, 26258, PROT_READ, MAP_SHARED, 3, 0) = 0x7fe8f4650000
Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 788M 9.6M 779M 2% /run
/dev/sda10 324G 252G 56G 82% /
tmpfs 3.9G 104M 3.8G 3% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
cgmfs 100K 0 100K 0% /run/cgmanager/fs
tmpfs 788M 28K 788M 1% /run/user/1000
+++ exited with 0 +++

You can trace all network and signals related system calls.

$ sudo strace -e trace=network df -h
$ sudo strace -e trace=signal df -h

9. Redirect Trace Output to File

To write the trace messages sent to standard error to a file, use the -o option. This means that only the command output is printed on the screen as shown below.

$ sudo strace -o df_debug.txt df -h
Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 788M 9.6M 779M 2% /run
/dev/sda10 324G 252G 56G 82% /
tmpfs 3.9G 104M 3.8G 3% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
cgmfs 100K 0 100K 0% /run/cgmanager/fs
tmpfs 788M 28K 788M 1% /run/user/1000

To look through the file, use cat command.

$ cat df_debug.txt 

10. Show Some Debugging Output of Strace

To show debugging information for strace tool, use the -d flag.

$ strace -d df -h

For additional information, see the strace man page.

$ man strace

Also read these useful related articles:

  1. 20 Command Line Tools to Monitor Linux Performance
  2. Sysdig – A Powerful System Monitoring and Troubleshooting Tool for Linux
  3. How to Trace Execution of Commands in Shell Script with Shell Tracing
  4. BCC – Dynamic Tracing Tools for Linux Performance Monitoring, Networking and More

In conclusion, strace is a remarkable tool for diagnosing cause(s) of program failure: it is a powerful debugging and trouble shooting. It is practically useful to experienced system administrators, programmers and hackers. To share any thoughts concerning this article, use the feedback form below.

How to Create Hard and Symbolic Links in Linux

In Unix-like operating systems such as Linux, “everything is a file” and a file is fundamentally a link to an inode (a data structure that stores everything about a file apart from its name and actual content).

A hard link is a file that points to the same underlying inode, as another file. In case you delete one file, it removes one link to the underlying inode. Whereas a symbolic link (also known as soft link) is a link to another filename in the filesystem.

Read Also: How to Perform File and Directory Management

Another important difference between the two types of links is that hard links can only work within the same filesystem while symbolic links can go across different filesystems.

How to Create Hard Links in Linux


To create a hard links in Linux, we will use ln utility. For example, the following command creates a hard link named tp to the file topprocs.sh.

$ ls -l
$ ln topprocs.sh tp
$ ls -l
Create a Hard Link to File

Create a Hard Link to File

Looking at the output above, using ls command, the new file is not indicated as a link, it is shown as a regular file. This implies that tp is just another regular executable file that points to the same underlying inode as topprocs.sh.

To make a hard link directly into a soft link, use the -P flag like this.

$ ln -P topprocs.sh tp

How to Create Symbolic Links in Linux

To create a symbolic links in Linux, we will use same ln utility with -s switch. For example, the following command creates a symbolic link named topps.sh to the file topprocs.sh.

$ ln -s ~/bin/topprocs.sh topps.sh
$ ls -l topps.sh
Create a Symbolic Link to File

Create a Symbolic Link to File

From the above output, you can see from the file permissions section that topps.sh is a link indicated by l: meaning it is a link to another filename.

If the symbolic link already exist, you may get an error, to force the operation (remove exiting symbolic link), use the -f option.

$ ln -s ~/bin/topprocs.sh topps.sh
$ ln -sf ~/bin/topprocs.sh topps.sh
Forcefully Create Symbolic Link

Forcefully Create Symbolic Link

To enable verbose mode, add the -v flag to prints the name of each linked file in the output.

$ ln -sfv ~/bin/topprocs.sh topps.sh
$ $ls -l topps.sh
Enable Verbose in Command Output

Enable Verbose in Command Output

That’s It! Do check out these following related articles.

  1. fdupes – A Command Line Tool to Find and Delete Duplicate Files in Linux
  2. 5 Useful Commands to Manage File Types and System Time in Linux

In this article, we’ve learned how to create hard and symbolic links in Linux. You can ask any question(s) or share your thoughts about this guide via the feedback form below.

How to Recover or Rescue Corrupted Grub Boot Loader in CentOS 7

In this tutorial we’ll cover the process of rescuing a corrupted boot loader in CentOS 7 or Red Hat Enterprise Linux 7 and recover the a forgotten root password.

The GRUB boot loader can sometimes be damaged, compromised or deleted in CentOS due to various issues, such as hardware or software related failures or sometimes can be replaced by other operating systems, in case of dual-booting. A corrupted Grub boot loader makes a CentOS/RHEL system unable to boot and transfer the control further to Linux kernel.

The Grub boot loader stage one is installed on the first 448 bytes at the beginning of every hard disk, in an area typically known as the Master Boot Record (MBR).

Read Also: How to Rescue, Repair and Recover Grub Boot Loader in Ubuntu


The MBR maximum size is 512 byes long. If from some reason the first 448 bytes are overwritten, the CentOS or Red Hat Enterprise Linux cannot be loaded unless you boot the machine with a CentOS ISO image in rescue mode or using other boot loading methods and reinstall the MBR GRUB boot loader.

Requirements

  1. Download CentOS 7 DVD ISO Image

Recover GRUB Boot Loader in CentOS 7

1. On the first step, download the latest version of CentOS 7 ISO image and burn it to a DVD or create a bootable USB stick. Place the bootable image into your machine appropriate drive and reboot the machine.

While the BIOS performs the POSTs tests, press a special key (Esc, F2, F11, F12, Del depending on the motherboard instructions) in order to enter BIOS settings and modify the boot sequence so that the bootable DVD/USB image is booted first at machine start-up, as illustrated in the below image.

System Boot Menu

System Boot Menu

2. After the CentOS 7 bootable media has been detected, the first screen will appear in your machine monitor output. From the first menu choose the Troubleshooting option and press [enter] key to continue.

Select CentOS 7 Troubleshooting

Select CentOS 7 Troubleshooting

3. On the next screen choose Rescue a CentOS system option and press [enter] key to move further. A new screen will appear with the message ‘Press the Enter key to begin the installation process’. Here, just press [enter] key again to load the CentOS system to memory.

Rescue CentOS 7 System

Rescue CentOS 7 System

Rescue CentOS 7Process

Rescue CentOS 7Process

4. After the installer software loads into your machine RAM, the rescue environment prompt will appear on your screen. On this prompt type 1 in order to Continue with the system recovery process, as illustrated in the below image.

CentOS 7 Rescue Prompt

CentOS 7 Rescue Prompt

5. On the next prompt the rescue program will inform you that your system has been mounted under /mnt/sysimage directory. Here, as the rescue program suggests, type chroot /mnt/sysimage in order to change Linux tree hierarchy from the ISO image to the mounted root partition under your disk.

Mount CentOS 7 Image

Mount CentOS 7 Image

6. Next, identify your machine hard drive by issuing the below command in the rescue prompt.

# ls /dev/sd*

In case your machine uses an underlying old physical RAID controller, the disks will have other names, such as /dev/cciss. Also, in case your CentOS system is installed under a virtual machine, the hard disks can be named /dev/vda or /dev/xvda.

However, after you’ve identified your machine hard disk, you can start installing the GRUB boot loader by issuing the below commands.

# ls /sbin | grep grub2 # Identify GRUB installation command
# /sbin/grub2-install /dev/sda # Install the boot loader in the boot partition of the first hard disk
Install Grub Boot Loader in CentOS 7

Install Grub Boot Loader in CentOS 7

7. After the GRUB2 boot loader is successfully installed in your hard disk MBR area, type exit to return to the CentOS boot ISO image tree and reboot the machine by typing init 6 in the console, as illustrated in the below screenshot.

Exit CentOS 7 Grub Prompt

Exit CentOS 7 Grub Prompt

8. After machine restart, you should, first, enter BIOS settings and change the boot order menu (place the hard disk with the installed MBR boot loader on the first position in boot menu order).

Save BIOS settings and, again, reboot the machine to apply the new boot order. After reboot the machine should start directly into the GRUB menu, as shown in the below image.

CentOS 7 Grub Menu

CentOS 7 Grub Menu

Congratulations! You’ve successfully repaired your CentOS 7 system damaged GRUB boot loader. Be aware that sometimes, after restoring the GRUB boot loader, the machine will restart once or twice in order to apply the new grub configuration.

Recover Root Password in CentOS 7

9. If you’ve forgotten the root password and you cannot log in to CentOS 7 system, you can basically reset (blank) the password by booting the CentOS 7 ISO DVD image in recovery mode and follow the same steps as shown above, until you reach step 6. While you’re chrooted into your CentOS installation file system, issue the following command in order to edit Linux accounts password file.

# vi /etc/shadow

In shadow file, identify the root password line (usually is the first line), enter vi edit mode by pressing the i key and delete the entire string in between the first colon “:” and the second colon ”:”, as illustrated in the below screenshot.

Root Encrypted Password

Root Encrypted Password

Delete Root Encrypted Password

Delete Root Encrypted Password

After you finish, save the file by pressing the following keys in this order Esc -> : -> wq!

10. Finally, exit the chrooted console and type init 6 to reboot the machine. After reboot, login to your CentOS system with the root account, which has no password configured now, and setup a new password for root user by executing the passwd command, as illustrated in the below screenshot.

Set New Root Password in CentOS 7

Set New Root Password in CentOS 7

That’s all! Booting a physical machine or a VM with a CentOS 7 DVD ISO image in recovery mode can help system administrators to perform various troubleshooting tasks for a broken system, such as recovering data or the ones described in the tutorial.

How to Install PHP 7 in CentOS 7

‘,
enableHover: false,
enableTracking: true,
buttons: { twitter: {via: ‘tecmint’}},
click: function(api, options){
api.simulateClick();
api.openPopup(‘twitter’);
}
});
jQuery(‘#facebook’).sharrre({
share: {
facebook: true
},
template: ‘{total}’,
enableHover: false,
enableTracking: true,
click: function(api, options){
api.simulateClick();
api.openPopup(‘facebook’);
}
});
jQuery(‘#googleplus’).sharrre({
share: {
googlePlus: true
},
template: ‘{total}’,
enableHover: false,
enableTracking: true,
urlCurl: ‘https://www.tecmint.com/wp-content/themes/tecmint/js/sharrre.php’,
click: function(api, options){
api.simulateClick();
api.openPopup(‘googlePlus’);
}
});
jQuery(‘#linkedin’).sharrre({
share: {
linkedin: true
},
template: ‘{total}’,
enableHover: false,
enableTracking: true,
buttons: {
linkedin: {
description: ‘How to Install PHP 7 in CentOS 7’,media: ‘https://www.tecmint.com/wp-content/uploads/2017/10/Install-PHP-7-in-CentOS-7.png’ }
},
click: function(api, options){
api.simulateClick();
api.openPopup(‘linkedin’);
}
});
// Scrollable sharrre bar, contributed by Erik Frye. Awesome!
var shareContainer = jQuery(“.sharrre-container”),
header = jQuery(‘#header’),
postEntry = jQuery(‘.entry’),
$window = jQuery(window),
distanceFromTop = 20,
startSharePosition = shareContainer.offset(),
contentBottom = postEntry.offset().top + postEntry.outerHeight(),
topOfTemplate = header.offset().top;
getTopSpacing();
shareScroll = function(){
if($window.width() > 719){ var scrollTop = $window.scrollTop() + topOfTemplate,
stopLocation = contentBottom – (shareContainer.outerHeight() + topSpacing);
if(scrollTop > stopLocation){
shareContainer.offset({top: contentBottom – shareContainer.outerHeight(),left: startSharePosition.left});
}
else if(scrollTop >= postEntry.offset().top-topSpacing){
shareContainer.offset({top: scrollTop + topSpacing, left: startSharePosition.left});
}else if(scrollTop 1024)
topSpacing = distanceFromTop + jQuery(‘.nav-wrap’).outerHeight();
else
topSpacing = distanceFromTop;
}
});
]]>

The 2017 #cPConf Escape Room

Hi. I’m Laurence Simon. I’m a writer. I write things.

A lot of development teams here at cPanel have been going to escape rooms as team-building exercises. In escape rooms, you get locked in a room, and you have to figure out the puzzles and challenges to get free before the clock runs out. They also usually have some kind of theme, like a bomb about to go off, or a steampunk airship, or a zombie on a chain that will break free and eat your brains (I don’t want to nit-pick, Tom, but is this really your plan?).

When cPanel Conference for the 20th anniversary was announced, I thought “Why don’t we come up with our own escape room?” (Well, okay, I thought “Ft. Lauderdale! YEEEEHAAAWWWW!” But after a moment of panic trying to come up with a reason to go, I thought up that escape room thing.)

I scribbled up some notes and ideas and potential scenarios and puzzles (one of which involved an inflatable poo emoji… be glad that didn’t make the cut), and I handed the idea to Kelli, the intrepid SWAT Product Owner, and Travis, the fearless Conference Organizer. After a few meetings and brainstorming sessions, we came up with the story that you’d be trapped in a corrupted server with Apache SpamAssassin™, and you had to prove your identity that you weren’t spam. Otherwise, the SpamAssassin would eliminate you.

We ran tests on cPanel employees in a conference room at the cPanel home office. After a few runs, we tweaked the clues and added a few notes (that clock lock was a bit frustrating and the weight of the spam wasn’t always the same). And we planned some guidelines on when to give out hints or how much to taunt and distract the players.

The original plan was to use the locks on the conference room’s cabinets because the virtual reality tour of the W showed handles on their cabinets. We could run the chains through the handles. The change in venue from the W to the Ritz-Carlton changed that plan, and when we moved from the W to the Ritz-Carlton, we had to adjust for a whole different space. And the cabinets had no handles. Oops.

(I’ll be down at the bar, reaping Jack and Cokes.)

We changed our design to borrow luggage from the staff, and ran the locks through the handles, and told the players that they couldn’t open the luggage without opening the locks.

In all, we had 9 teams go through the escape room, and only one didn’t finish (they came really, really close). The best time was by Jon Kagan, Jawad Tabrez, and Michael Blandford. Way to go!

Three teams finished with less than a minute to spare, with one team down to their final ten seconds!

I think it went really well, and it was neat seeing the teamwork and the thought processes and problem-solving strategies that different people use. And, yes, the groans from when y’all realized that “Run a test on your storage” meant that the lock combination was TEST and not FSCK or HULK or CHKDISK (I did have fun setting it to NICK before each session).

(The answer to everything, really.)

I hope y’all had as much fun going through the puzzles as we did coming up with them and running the event. Plus, Kelli as the SpamAssassin, got to meet Kevin McGrail from the Apache Software Foundation, who develops SpamAssassin.

(Maybe we can do cpHulk next year and invite Stan Lee?)

Maybe next year, if we do this again, we’ll do a little carpentry and electronics. Rig up some lights, loop some sound effects, maybe even a smoke machine.

PS: In case you’re wondering, here’s the solution:

  1. Find the puzzle with the RSA key, notice that there’s four pieces missing.
  2. Find all four bags, ham, and Spam in cabinets.
  3. Notice that the clocks are both at 12:40 (Some teams saw that the hands pointed to 1, 5 and 8 and were confused, others noticed the second hand.)
  4. Open the clock lock with 1-2-4-0
  5. Open the bag, get the puzzle piece and the scale that says “What’s the difference?” (Some teams took a while to notice that note on the bottom of the scale.)
  6. Weigh ham and Spam, calculate that the difference is 184.
  7. Open the 3-digit lock with 184.
  8. Open the bag, get Hulk hand with numbers.
  9. SpamAssassin is hungry, and threatens to eliminate one of you.. Give the Spam to SpamAssassin.
  10. SpamAssassin hands you a puzzle piece and says “Run a test on your storage.”
  11. Open text lock with TEST (Some teams tried to use FSCK and HULK and KTRK and other combinations… the luggage tag was a red herring).
  12. Open the bag, get Hulk hand and pull out third puzzle piece.
  13. Put hands together, notice that the fingers which touch say “0777” which are full permissions. Also, “cP” and “Hulk” were written on the backs of those fingers. (Some teams really liked to do lots of math).
  14. Open the 4-digit lock with 0777.
  15. Retrieve final puzzle piece, finish puzzle
  16. SpamAssassin says that server is no longer corrupt, but you have to prove your identity
  17. Give the ham to SpamAssassin.

After 3 minutes, the Grim Reaper tended to hang around the next step of the puzzle, mumbling clues, and point the end of the scythe at it (when not practicing golf swings, taking photos, and calling Uber Underworld).

Note from benny: In case you missed it, you can see a bunch of pictures from this year’s conference in this Facebook album. If you want to make sure that you know about our conference next year, sign up here. It’s gonna be a Rockin good time.