TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:6177] execute cgi from ...com/~user/cgi-bin/hello
First of all, the security issues:
To be safe, you probably want to use the program 'suexec' to allow your
users to execute their cgi code. This is built into apache; it just needs
to be compiled with it. Basically, suexec will switch to the user who owns
the code before running it, therefore running it with their rights only.
Second, getting the darn thing working:
Well, the way you have it configured should work, but it may not be the
best way. Here's what you need to change to get it to work the way you're
doing it:
> httpd.conf:
> ScriptAlias /cgi-bin/ /home/username/www/cgi-bin/
That should be ScriptAlias /~username/cgi-bin/. Unless, of course, that
directory is under a virtual domain; if it is, you just use the same
scriptalias command you did for the virtual domain you have listed below.
If you are trying to allow your individual users
(http://www.example.com/~username) to individually execute cgi scripts,
the way I have always done this is to simply enable suexec, and then
enable ExecCGI for all of the user's home directories. This way, you
simply have them end the script name with .cgi, and when the server runs
into that file, anywhere, it will execute it as cgi. Here is a snippet of
the access.conf from one of my web servers (I renamed my user-html
directory from 'public_html' to 'html'):
<Directory "/home/*/html">
Options Indexes FollowSymLinks ExecCGI
# Note: This machine is fairly secure as to who the users are, therefore I
# feel comfortable using the 'FollowSymLinks' options for their
# convenience. I know none of my users will create a link to / and allow
# anyone who is browsing the site to view all my configuration that the
# user has access to read. Leave it out if you're not 100% positive your
# users are gonna be nice
AllowOverride All
# Again, I trust my users, and want them to be able to use all the great
# features of the .htaccess files
</Directory>
...and then to define what kind of files the server should execute as
CGI's...
(in srm.conf)
AddHandler cgi-script .cgi
You may also want to add .pl for perl scripts, or whatever you want. For
more info on how to install suexec, which you certainly want to do before
you allow your users to execute their own cgi, look at the apache
documentation. You probably will have to recompile.
----
Nate Carlson
the infinite loop
natecars@infiniteloop.com
On Wed, 26 May 1999, rtp wrote:
> Hello,
>
> I am trying to configure apache so that users can execute cgi from
> /home/username/www/cgi-bin/. I've been testing with the following hello
> world script which is from the Lincon Stein web:
>
> #! /usr/bin/perl -w
>
> use CGI ':standard';
> print
> header,
> start_html('Example 1'),
> h1('Hello World!'),
> "Wow, I'm speaking HTML!",
> hr,
> end_html;
>
> The script executes properly from www.mi-recordz.com/cgi-bin/hello
>
> NameVirtualHost 209.134.131.41
> <VirtualHost 209.134.131.41>
> ServerAdmin rtp@mi-recordz.com
> DocumentRoot /home/mi-r/www/html
> ScriptAlias /cgi-bin /home/mi-r/www/cgi-bin
> ServerName www.mi-recordz.com
> ErrorLog logs/mi-recordz.com-error_log
> TransferLog logs/mi-recordz.com-access_log
> </VirtualHost>
>
> However, the output from www.mi-recordz.com/~username/cgi-bin/hello is
> just the text which makes up the script. The script is not executing.
>
> access.conf:
> <Directory /home/username/www/cgi-bin>
> AllowOverride None
> Options ExecCGI
> </Directory>
>
> httpd.conf:
> ScriptAlias /cgi-bin/ /home/username/www/cgi-bin/
>
> Directory and file permissions have basically been 755. Will the
> ScriptAlias line need to be repeated for every user that has a cgi-bin?
> Of course there are security issues with cgi and I appreciate any
> insites on that.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@listserv.real-time.com
> For additional commands, e-mail: tclug-list-help@listserv.real-time.com
> Try our website: http://tclug.real-time.com
>