User CGI FAQ
As a BSOE user, you can run web CGI scripts from your personal home page. Your CGI programs can be created with PHP, Python, Perl, actual CGI executables or shell scripts.
Your CGI script will be executed by CGIWrap. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms without compromising the security of the web server. Scripts are run with the permissions of the user who owns the script. In addition, several security checks are performed on the script, which will not be executed if any checks fail.
Instructions
- Create a web folder in your home folder (
mkdir -p ~/.html/cgi-bin) - Make sure that your home folder allows world execute (
chmod o+x ~) - Make sure that your
.htmlandcgi-binfolders allows worls read access (chmod o+rx ~/.html ~/.html/cgi-bin) - Install scripts in that directory, and make them owned and executable by you (
chmod 755 ~/.html/cgi-bin/*). For example,http://www.soe.ucsc.edu/~user/cgi-bin/finger.plwill run the cgi script finger.pl from the user's personal html directory~user/.html/cgi-bin. It is important that a directory called cgi-bin is created in the .html directory, and the scripts are stored there.
Debugging
To debug your programs, use cgi-bin-d in place of the cgi-bin in the URL above, e.g. /~user/cgi-bin-d/finger.pl. This will give you debugging information that will help you figure out what is wrong with your program.
cgiwrap has been used for quite some time on the SOE web site, so if you get an error, it is most likely a problem with your program. Please make sure you have attempted to debug your program before contacting the .
A Note About Security
Running CGI programs or PHP scripts from your home directory can lead to your personal or SOE web files being compromised. Programs run from your ~/.html/cgi-bin directory run with your permissions and ownership. These programs could potentially expose any files or information in your home directory to the outside world.
Before writing and running CGI-based programs, please make yourself familiar with the risks involved, and take the necessary precautions to protect yourself and SOE's properties. The Open Web Application Security Project is a good source of information on web application security. Their Ten Most Critical Web Application Security Vulnerabilities paper is a good place to start.