
CGIWrap

Technical Services has installed a utility called CGIWrap on the University Web server www3.uakron.edu. This enables Information Providers and Web publishers on this system to allow the execution of CGI scripts under their own user account. CGI scripts executed in this manner will thus be restricted to the permissions of the user account under which they are run.

Additional information about this utility can be found in the standard CGIWrap documentation. Please note that the usage notes below have been customized for our environment. As a result, they may differ somewhat from the standard instructions found at that location.

Limiting the permissions of CGI scripts to those of the responsible user account will reduce (although not completely eliminate) the possibility of a CGI compromising system security or integrity. Damage done to the system will be the responsibility of the user account under which the CGI was run.


Steps to Run Scripts

  1. Scripts must be run from a cgi-bin subdirectory under your home directory. To create this subdirectory, type:

    mkdir $HOME/cgi-bin

  2. Be sure to put all your CGI scripts in your cgi-bin directory.
  3. Use the appropriate URL to execute a script:

    http://www3.uakron.edu/cgi-bin/cgiwrap/username/scriptname

    where username is your user account name and scriptname is the name of the script. The scriptname should end in .cgi, to follow local convention.

Restrictions

  1. You must own the script. To see the owner's user name, log in to www3.uakron.edu and type:

    ls -l $HOME/cgi-bin/scriptname

  2. Your default group must own the file. To see a list of the groups of which you are a member, log in to www3.uakron.edu and type:

    groups

    Your default group should be the first one listed.

    To see the group ownership of the file, log in to www3.uakron.edu and type:

    ls -l $HOME/cgi-bin/scriptname

    To change the group ownership of the file, you must be the owner of the file and a member of the group to which you are changing it. To change the group ownership, log in to www3.uakron.edu and type:

    chgrp newgroupname $HOME/cgi-bin/scriptname

  3. The script must be executable. To make the program executable, log in to www3.uakron.edu and type:

    chmod a+x $HOME/cgi-bin/scriptname

  4. Scripts must be located in your $HOME/cgi-bin directory.
  5. The file permissions may NOT have the setuid or setgid bits set.

Notes

  1. By placing a CGI script such that it runs under your user id, you are effectively authorizing anybody on the Internet to run programs on your account. This is worth thinking twice about.
  2. It is not currently possible to restrict access to the scripts you run under CGIWrap. However, your scripts can enforce host-based access control by checking the environment variables REMOTE_HOST and REMOTE_ADDR, which will contain the hostname and IP address of the remote host.
  3. To see debugging output for your CGI, specify cgiwrapd instead of cgiwrap in the URL.
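
The host-based check described in note 2, as an added example (not part of the original page or of CGIWrap): a Python CGI script that allows only clients whose REMOTE_ADDR falls inside an allowlist and denies everything else, including a missing or malformed address. The networks shown are constructed documentation ranges, the function names are this example's own, and ignoring REMOTE_HOST is this example's choice, since that value is typically filled from a reverse DNS lookup controlled by whoever runs DNS for the client's address.

```python
#!/usr/bin/env python3
"""Host-based access control inside a CGI script run through CGIWrap."""
import ipaddress
import os
import sys

# Constructed allowlist (documentation ranges); replace with your own networks.
ALLOWED_NETWORKS = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")
]


def client_allowed(environ, networks=ALLOWED_NETWORKS):
    """Return True only if REMOTE_ADDR parses and lies in an allowed network.

    REMOTE_HOST is deliberately not consulted (assumption of this example):
    a hostname from reverse DNS is not under the server's control.
    """
    raw = environ.get("REMOTE_ADDR", "").strip()
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return False  # missing or malformed address: fail closed
    # On a dual-stack server an IPv4 client may appear as ::ffff:a.b.c.d.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in networks)


def respond(environ):
    """Build the full CGI response (headers, blank line, body) as a string."""
    if not client_allowed(environ):
        return ("Status: 403 Forbidden\r\n"
                "Content-Type: text/plain\r\n\r\n"
                "Access denied.\n")
    return "Content-Type: text/plain\r\n\r\nHello from an allowed host.\n"


if __name__ == "__main__":
    # The web server sets REMOTE_ADDR in the script's environment.
    sys.stdout.write(respond(os.environ))
```

Saved as $HOME/cgi-bin/scriptname.cgi and made executable, the script is reached through the CGIWrap URL given above and returns 403 to any address outside the allowlist.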

Page maintained by: Technical Services
Last modified: Tuesday, 31-Jan-06 17:05:18