Simple CGI Wrapper for subdomain - UK Web Hosting | Dedicated Server Windows and Linux VPS Forum

**Enigma** · #1 (**permalink**) 05-07-2006, 22:36

eUKhost hosting comes with the simple cgi wrapper which enables cgi scripts to run under the user id, rather than as the webserver. However, when activated in the control panel this creates a scgi-bin directory in the root public_html directory only. Is there any way to set the wrapper up for a subdomain (i.e. create public_html/sub_domain/scgi-bin)? Obviously it's possible to simply place the few scripts requiring such rights in the root scgi-bin folder even for subdomains, but I'd prefer not to have files from different subdomains mixed together if at all possible.

Thanks,

Enigma

**eUKhost.com** · #2 (**permalink**) 06-07-2006, 08:55

When you add a subdomain from control panel, a cgi-bin is created by default in directory of that subdomain. You can put your scripts for respective subdomain name in that particular cgi-bin.

**Enigma** · #3 (**permalink**) 06-07-2006, 10:43

Thanks for your reply.

The problem is that scripts placed in the subdomain's cgi-bin are run by the webserver under its own user id (user: nobody). Since this is different from the user id of the owner of the website and in a different group if any of the scripts need to write to the filesystem the directories written to must be world writable. The simple CGI wrapper wraps scripts so that they run under the user id of the website owner, not of the webserver. This way directories that are written to need only be user writable, not world writable.

**eUKhost.com** · #4 (**permalink**) 06-07-2006, 11:42

Scripts that you upload remain under your ownership but the scripts generated by some other script in your account is generated under ownership of nobody. If you have problems with the ownership of nobody then you should contact our helpdesk immediately to get your ownership on those scripts as ownership of nobody and permission 777 is open invitation to hackers / crackers to play and modify contents of those scripts.

**Enigma** · #5 (**permalink**) 06-07-2006, 12:11

I don't think you're quite understanding my issue.

Suppose we have the following website directory structure (with unix permissions shown):

Code:

[d] 755 website/
[d] 755         public_html/
[d] 755                     cgi-bin/
[f] 755                            root-domain-script.cgi
[d] 755                     scgi-bin/
[f] 755                              root-domain-wrapped-script.cgi
[d] 755                     subdomain/
[d] 755                               cgi-bin/
[f] 755                                       subdomain-script.cgi
[d] 755                               safe-user-writable-folder/
[d] 777                               unsafe-world-writable-folder/

And the cgi scripts are identical perl scripts containing the following code (forgive me if the perl is incorrect - I'm not that experienced with it - but the intent should be clear):

Code:

#!/usr/bin/perl -w

open(SAFEFILE, ">", "/website/public_html/subdomain/safe-user-writable-folder/temp");
open(UNSAFEFILE, ">", "/website/public_html/subdomain/unsafe-world-writable-folder/temp");

while (read (STDIN, $LINE, 4096))
{
	if (SAFEFILE)
	{
		print SAFEFILE $LINE;
	}
	if (UNSAFEFILE)
	{
		print UNSAFEFILE $LINE;
	}
}
close (SAFEFILE);
close (UNSAFEFILE);

exit(0);

Now root-domain-script.cgi will successfully create the file /website/public_html/subdomain/unsafe-world-writable-folder/temp, but will fail to create the file /website/public_html/subdomain/safe-user-writable-folder/temp. This is because scripts, regardless of who owns the script file, are run by the webserver and therefore are run by default with the webservers user id, which is "nobody" and "nobody" does not have permission to write to the folder safe-user-writable-folder.

This situation is exactly the same for subdomain-script.cgi.

root-domain-wrapped-script.cgi however will run not with the webserver user id but with the script owner's user id, thanks to simple CGI wrapper, and will therefore successfully create both files.

What I would like is to be able to have a directory structure like:

Code:

[d] 755 website/
[d] 755         public_html/
[d] 755                     cgi-bin/
[f] 755                            root-domain-script.cgi
[d] 755                     scgi-bin/
[f] 755                              root-domain-wrapped-script.cgi
[d] 755                     subdomain/
[d] 755                               cgi-bin/
[f] 755                                       subdomain-script.cgi
[d] 755                               scgi-bin/
[f] 755                                        subdomain-wrapped-script.cgi
[d] 755                               safe-user-writable-folder/

With the additional scgi-bin directory and subdomain-wrapped-script.cgi in the subdomain folder.

**Enigma** · #6 (**permalink**) 06-07-2006, 16:23

Strangely my script seems to be working now even when I move it out of the scgi-bin directory, which I can't explain.

**eUKhost.com** · #7 (**permalink**) 06-07-2006, 20:28

Probablly you have code in your .htaccess to allow cgi scripts to execute outside cgi-bin. If you wish to execute cgi scripts outside cgi-bin then you add following code to your .htaccess :-

Options +ExecCGI
AddHandler cgi-script cgi pl