ITS UNIX staff has installed CGIWrap on the UTS and CCWF systems.
This enables Web publishers on these systems to execute CGI scripts
under their own user id (uid).
Unfortunately, ITS and TeamWeb do not have the staff to write CGI scripts
for Web publishers.
Note to UTS publishers: Even if you publish from the ~www or
~ftp area, you must follow the instructions below. That is, do not put
cgi files in your regular publishing directory.
Steps to Run Scripts
- If you haven't already created a public_html directory in your logon
directory, do so now. To create it, type:
- Within your public_html directory, create a cgi-bin directory. To
do so, type:
- Be sure to put all your CGI scripts in the cgi-bin directory.
- Use the appropriate URL to execute a script:
Where username is your user name and scriptname is the
name of the script, the scriptname should end in .cgi,
to follow local convention.
- You must own the script. To see the owner's user name, type:
ls -l $HOME/public_html/cgi-bin/scriptname
- Your default group must own the file. To see a list of the groups
you are a member of, type:
Your default group should be the first one listed. To see the group
ownership of the file, type:
ls -lg $HOME/public_html/cgi-bin/scriptname
- The script must be executable. To make the program executable, type:
chmod 755 $HOME/public_html/cgi-bin/scriptname
- Scripts must be located in your $HOME/public_html/cgi-bin directory.
- The file permissions may NOT have the setuid or setgid bits set.
- Scripts have a resource LIMIT of 10 CPU seconds.
- By placing a CGI script such that it runs under your user id, you
are effectively authorizing anybody on the Internet to run programs
on your account. This is a security breach you should avoid.
- It is not currently possible to restrict access to the scripts you
run under CGIWrap. However, your scripts can enforce host-based access
control by checking the environment variables REMOTE_HOST and REMOTE_ADDR,
which will contain the hostname and IP address of the remote host.
- If you receive an Internal
Server Error, you can specify cgiwrapd instead of cgiwrap
to see debugging output for your CGI script.
- You can use CGIWrap with forms, but the request should use the method
POST. If you need to use the GET method, you need to include
two HIDDEN fields in your form of names "user" and "script" that specify
the user, and script to execute with CGIWrap. Use of the GET method
for forms is discouraged due to limitations in the amount of data that
can be passed to the script.