Running CGI and PHP scripts and use of tomcat containers

Intro

users.cs.helsinki.fi is a database-oriented WWW server of the department. It is possible to run users' own CGI scripts on this server! This document is a brief introduction into this subject. Note the PHP supplement at the end.

First login

At the first login, a local home directory is created. Network home and group directories are read-only on this server. This means that you can write files only locally.

Setting up a virtual server

Every user can set up their own virtual server at <username>.users.cs.helsinki.fi. In case you haven't done so, run the command wanna-htdocs. This will create a directory htdocs in your home directory. Any files that should be available to the WWW server need to be put there.

CGI scripts aka cgi-bin scripts

For your CGI scripts you should (though strictly speaking you do not have to) create a cgi-bin subdirectory in your public_html directory. Now your CGI scripts (like hello.pl) can be run with a URL like http://<username>.users.cs.Helsinki.FI/cgi-bin/hello.pl. But wait...

Must have .htaccess file

If you do not have a .htaccess file with the following text in it

AddHandler cgi-script pl

you only get the code of your script! So, you must create that .htaccess file in the cgi-bin directory.

If you have another script called myscript.cgi in addition to hello.pl your .htaccess file should read

AddHandler cgi-script cgi
AddHandler cgi-script pl

Got it?

A note on permissions

For anything to work properly you must set the file and directory permissions correctly. The www server is run as the user www-data. Here is a list of the required permissions:

  • www-data needs directory access permission to all the directories in the file path (/home/$USER, /home/$USER/htdocs and /home/$USER/htdocs/cgi-bin)
    • setfacl -m u:www-data:--x ~ ~/htdocs ~/htdocs/cgi-bin
  • www-data needs read access to .htaccess
    • setfacl -m u:www-data:r-- .htaccess
  • your account needs execute permissions on the CGI scripts
    • chmod 700 ~/htdocs/cgi-bin/hello.cgi

For security reasons, don't give any other groups or users write access to the cgi-bin directory or its contents. The WWW server won't run your scripts if you do this!

Now the hello.cgi can be accessed through Internet at http://<username>.users.cs.helsinki.fi/cgi-bin/hello.cgi.

In essence, the Apache HTTP server user needs access to traverse all directories right down to your script, and be able to read any existing .htaccess files. If there's a .htaccess file the server can't read, nothing under that directory will be displayed.

The executable/script files themselves ONLY need permissions to be read and executed by the user (you). Your scripts will only ever run as you, with your access rights - the web server does not need access to even read them.

Any static content to be served from the same directory tree, like images, stylesheets, HTML and javascript files, still need the read permission for user www-data.

An example Perl script

Here's an example Perl script to test your configuration.

#!/usr/bin/perl

print("Content-Type: text/plain\n\n");

print("hello, world");

Finally

For more information on setting up WWW documents see the department's WWW guide (in Finnish).

Read also instructions and guidelines on users' own servers (in Finnish). CGI scripts are a potential security threat so be sure what your CGI scripts do, disable CGI scripts when you don't need them and remove unnecessary scripts.

The WWW server logs errors from your CGI scripts to file /home/userlogs/<username>.error.

If you uploaded a CGI script from a Windows system, there may be a problem with the text file format. You may need to use the dos2unix program before you can use an uploaded text file as a CGI script. More information on transfering files is available in Finnish on a web page.

Read the manual of the Apache WWW server if everything fails...

 


PHP supplement

PHP is used just like any other script language, i.e., Perl.

However, it needs no configuration other than correct permissions and ownership. Files with the ending ".php" under htdocs directories are automatically executed as their owner through the /usr/bin/php-cgi translator.

Check access permissions. Try it. Check again...

 


Modified from Oskari Heinonen's original document http://db.cs.Helsinki.FI/~oheinone/cgi-howto.html.

Back to the computing facilities page

 

support@cs.Helsinki.FI
03.10.2012 - 20:56 Jani Jaakkola
21.09.2009 - 11:12 Webmaster