The University of Texas at Austin- What Starts Here Changes the World
Services Navigation


CGIWrap

ITS UNIX staff has installed CGIWrap on the UTS and CCWF systems. This enables Web publishers on these systems to execute CGI scripts under their own user id (uid).

Unfortunately, ITS and TeamWeb do not have the staff to write CGI scripts for Web publishers.

Note to UTS publishers: Even if you publish from the ~www or ~ftp area, you must follow the instructions below. That is, do not put cgi files in your regular publishing directory.

Steps to Run Scripts

  1. If you haven't already created a public_html directory in your logon directory, do so now. To create it, type:
    mkdir $HOME/public_html

  2. Within your public_html directory, create a cgi-bin directory. To do so, type:
    mkdir $HOME/public_html/cgi-bin

  3. Be sure to put all your CGI scripts in the cgi-bin directory.

  4. Use the appropriate URL to execute a script:

    http://uts.cc.utexas.edu/cgi-bin/cgiwrap/username/scriptname

    http://ccwf.cc.utexas.edu/cgi-bin/cgiwrap/username/scriptname

    Where username is your user name and scriptname is the name of the script, the scriptname should end in .cgi, to follow local convention.

Restrictions

  1. You must own the script. To see the owner's user name, type:
    ls -l $HOME/public_html/cgi-bin/scriptname

  2. Your default group must own the file. To see a list of the groups you are a member of, type:
    groups

    Your default group should be the first one listed. To see the group ownership of the file, type:

    ls -lg $HOME/public_html/cgi-bin/scriptname

  3. The script must be executable. To make the program executable, type:
    chmod 755 $HOME/public_html/cgi-bin/scriptname

  4. Scripts must be located in your $HOME/public_html/cgi-bin directory.

  5. The file permissions may NOT have the setuid or setgid bits set.

  6. Scripts have a resource LIMIT of 10 CPU seconds.

Notes

  1. By placing a CGI script such that it runs under your user id, you are effectively authorizing anybody on the Internet to run programs on your account. This is a security breach you should avoid.

  2. It is not currently possible to restrict access to the scripts you run under CGIWrap. However, your scripts can enforce host-based access control by checking the environment variables REMOTE_HOST and REMOTE_ADDR, which will contain the hostname and IP address of the remote host.

  3. If you receive an Internal Server Error, you can specify cgiwrapd instead of cgiwrap to see debugging output for your CGI script.

  4. You can use CGIWrap with forms, but the request should use the method POST. If you need to use the GET method, you need to include two HIDDEN fields in your form of names "user" and "script" that specify the user, and script to execute with CGIWrap. Use of the GET method for forms is discouraged due to limitations in the amount of data that can be passed to the script.

 


  Updated 2008 June 30
  Comments to TeamWeb