
Re: [cobalt-users] Cannot execute cgi's in ~user on RaQ3



what is a cgi wrapper anyway?

It's a security device to prevent anyone other than the owner of the script from running it. These are very popular now and getting more so. It really does avoid lots of potential abuses.

why are the cobalt cgi abilities different from other unix servers?

They're not. Not at all! Cobalt uses Linux and there's no real cgi difference from Unix (same perl and everything). There are scores of cgi programs running on our hosted sites without problems and they are called normally (directly to the script...no "cgiwrapper" name in the call at all). The only difference with the RaQ is the cgiwrapper program and you CAN disable that if you want (using the code you have below) for the entire server. But I'm not sure that's necessary or even advisable in most cases. To wit...

after many weeks of struggle, we have completely given up on gui enabled
cgi.

we had many scripts on a different unix server that worked fine...

we put the webs on our raq3 and were greeted with cgi wrapper not found...

i have no idea why our scripts did not work...

First off, the cgiwrapper error comes up in response to a lot of script errors including permissions and internal script problems. One problem we see a lot is that the RaQ seems to default to giving full ownership to "group" as well as owner and that produces errors in some scripts. We go in and redo permissions on all scripts to make sure they're 755.

But if everything in the script is okay -- paths, perl id line at the top and your permissions are correct, the error often means that there is an ownership issue. Best thing to do is to make absolutely sure your scripts are owned by the site administrator and are NOT running with httpd ownership! The wrapper will reject some scripts when that's the case. MUST be the owner specifically (e.g. the person who loaded that script to the directory). We check all this carefully in a Telnet session.

my solution...

disable cgi in the gui for each web.

enable cgi by dir with htaccess file containing:

AddHandler cgi-script .cgi
AddHandler cgi-script .pl
Options Indexes FollowSymLinks ExecCGI Includes

This is a fine workaround but then when you're hosting lots of sites and those people use cgi scripts, you either have to do this for them or you have to give them Telnet access (because FTP access is too restrictive when working with htaccess files) and giving clients Telnet access is something I would caution against. You could end up with some serious problems.

Alfredo


--
People-Link/Institute for Mass Communications
www.people-link.org
Communications for a Better World...and for the People Who are Building One!
Members, Local 1180, Communications Workers of America, AFL-CIO
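
The checks the reply describes doing by hand in a Telnet session (mode 755, script owned by the site administrator rather than the web server account, interpreter line at the top) can be scripted. This is an added example, not part of the original message or of Cobalt's tooling; the function name `audit_cgi`, its two arguments, and the use of GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example: audit CGI scripts in one directory for the conditions named
# in the message: mode 755, expected owner, interpreter line present.
# Assumptions: GNU stat (Linux); audit_cgi and its arguments are hypothetical.

# audit_cgi DIR OWNER -> prints one line per finding, returns 1 if any.
audit_cgi() {
    dir=$1
    owner=$2
    rc=0
    # Same extensions the .htaccess handlers above map to cgi-script
    for f in "$dir"/*.cgi "$dir"/*.pl; do
        [ -f "$f" ] || continue              # skip unmatched globs
        mode=$(stat -c '%a' "$f")            # octal mode, e.g. 755
        who=$(stat -c '%U' "$f")             # owning user name
        if [ "$mode" != "755" ]; then
            echo "MODE  $f is $mode, expected 755"
            rc=1
        fi
        if [ "$who" != "$owner" ]; then
            echo "OWNER $f is owned by $who, expected $owner"
            rc=1
        fi
        # The first line must name an interpreter that exists and is executable
        first=$(head -n 1 "$f")
        case $first in
            '#!'*)
                interp=${first#'#!'}
                interp=${interp# }           # allow "#! /usr/bin/perl"
                interp=${interp%% *}         # drop interpreter arguments
                [ -x "$interp" ] || { echo "SHEBANG $f: $interp not executable"; rc=1; }
                ;;
            *)
                echo "SHEBANG $f has no interpreter line"
                rc=1
                ;;
        esac
    done
    return $rc
}
```

Run it per site as `audit_cgi /path/to/site/cgi-dir siteadmin`, where both values are placeholders for your own directory and site administrator account.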