Monthly Archives: September 2013

Contact Form 7 restrict access

In its default settings, Contact Form 7 allows all users except subscriber users to have access to the administration panel; but allows only administrator and editor users to edit contact forms. You might feel that you would want to change this setting to restrict access even more, so I will show you how to do this in this article.

For example, let’s change access to allow only administrator users access and editing rights. You can do this by editing your wp-config.php and inserting these lines:

define( 'WPCF7_ADMIN_READ_CAPABILITY', 'manage_options' );
define( 'WPCF7_ADMIN_READ_WRITE_CAPABILITY', 'manage_options' );

Add SSH user to your Synology Diskstation

It is best not to SSH into your diskstation with your admin or root account. Create a separate user for this with the appropriate permissions. The steps below outline the procedure to create a new user with SSH access to your diskstation.

1. Create a user through the webinterface, DSM, of your diskstation.

2. Open a (root) terminal on your diskstation and edit the password file:

vi /etc/passwd

The last line in this file is your new user. The user cannot login because the shell is set to /sbin/nologin. Change the /sbin/nologin to /bin/ash

Copy the $HOME/.profile to /var/services/homes/[new user]
Edit this .profile file and change the value of $HOME to /var/services/homes/[new user]

3. Now you can login to your diskstation with SSH and username / password:

ssh newuser@diskstation.local

4. To automate the login procedure create an rsa public/private key pair (this should be done on your local machine; not your diskstation). For this to work be sure to enable the “User home service” on your diskstation (press User Home button on user control panel).

# Keep the defaults if possible; filename is id_rsa; remember your passphrase!

5. Copy the public part of the key to your NAS to $HOME/.ssh

6. Create an authorized key file and set file permission to user-read only:

cd $HOME/.ssh
cat [your_public_key_file] >> authorized_keys
chmod 400 authorized_keys
rm [your_public_key_file]

7. Exit your terminal

8. SSH again to your diskstation; type your passphrase and you are in:

ssh newuser@diskstation.local

MySQL automated database backup

This article describes a way to setup a regular backup for your MySQL databases. This method uses the crontab to schedule backup jobs (you could also use the logrotate method).

The database backups are stored in separate files. Once database backup is completed the file is zipped and password encrypted with openssl.

First create a .my.cnf file in your home directory with the following contents:


Make sure the file is only readable by your self:

chown 600 ~/.my.cnf

Next create a SQL user as shown below:

mysql> grant lock tables,select,reload,show databases,event on *.* to 'backup'@'localhost' identified by '1234567890';
mysql> flush privileges;

Create a folder in for example /var/backups/ and name it mysql

mkdir /var/backups/mysql

Create a script called at a suitable location, for example your $HOME/cron/scripts folder (make it NOT world readable / writeable):


if [ ! -d "$BACKUPDEST" ]; then
echo "$BACKUPDEST does not exist, exiting"
exit 1

# Remove backup files older dan 7 days
/usr/bin/find $BACKUPDEST/*.sql.gz.enc -type f -mtime +5 -exec rm {} \;

# Backup all mysql databases to separate files. The files are gzipped and encoded with a password.
umask 077
/usr/bin/mysql -Ne "show databases" | grep -v schema |
while read db; do
CDATE=`date '+%Y-%m-%d-%H%M%S'`
/usr/bin/mysqldump --skip-events --events $db | /bin/gzip | /usr/bin/openssl aes-256-cbc -salt -k $CDATE > $BACKUPDEST/$db.$CDATE.sql.gz.enc;

Now it is time to add a cron.d file; go to /etc/cron.d and add a crontab file, e.g. backup_mysql, with the following contents:

# /etc/cron.d/anacron: crontab entries for the anacron package
M H * * * root /var/www/

Replace the M and H with minute and hour you want the backup to be performed.

That’s it; your mysql databases are backedup at the sepcified interval.