[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Shared CGI-BIN - solved
- Subject: Re: [cobalt-users] Shared CGI-BIN - solved
- From: Kul <WebMaster@xxxxxxx>
- Date: Mon Jan 29 07:51:01 2001
- Organization: Qax
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
baltimoremd@xxxxxxxxxxxxxxx wrote:
> I'd like to make available some cgi scripts to all users on a RaQ4 from
> a shared area. Search of the archives hasn't lead to much more that I
> think it can be done.
>
> Would be interested in a solution that someone has done and/or knows
> can be done.
> Thanks
> Thom
Hi Thom, (and others, your wish is my command....)
If I understand you correctly, you want a "cgi" directory that ANY user on YOUR Raq can use (execute not read/write to/from)!
I have a Raq3 and sometime back I looked into this very problem, nobody could help so I SOLVED it myself. With tips from others, a couple of hours, many restarts, a few swear words, and 5 cups of coffee later it was done and dusted.
NOTE: I have a raq3, but highly suspect it is easily transferable to a 4 - let us know if it goes ok?
In your **httpd.conf** file, add the following line, then create directory "cgi-pub" (use whatever you like) in the home site (could actually be any, but home is probably best). Make sure it **IS** in the "web" directory or cgi-wrapper will go bananas and stop it working! Ensure you create the "cgi-pub" directory NOT as root or you can't upload the scripts (as I did - Dohh) then ensure its chmod'ed correctly (see example below) (and its containing scripts) - I found the admin user the best one to use as the owner of the "cgi-pub" directory.
ScriptAlias /cgi-pub/ /home/sites/home/web/cgi-pub/
Once you have added above line, restart 'httpd' (not sure if its the same on raq4's as on 3's).
!!AN IMPORTANT POINT TO NOTE!! (shouting is required <g>)
If a Virtual Site does **NOT** have cgi access (from GUI) and they were to call any of the scripts from their site, they will still be served the cgi script, but as plain/text - They get to see the source, which could obviously open up any security weaknesses.
The way around this is easy, but involves a little more typing: Instead of sticking the "ScriptAlias......" anywhere in the httpd.conf file, put it inside EACH of the <VirtualHost> containers that have cgi access enabled, and **NOT** elsewhere in the main httpd.conf file:
<VirtualHost 123.456.789.012>
...bla..bla..bla...
AddHandler cgi-wrapper .cgi
AddHandler cgi-wrapper .pl
ScriptAlias /cgi-pub/ /home/sites/home/web/cgi-pub/
</VirtualHost>
My details on my cgi-pub directory:
drwxr-x--x 2 admin home 1024 Jan 19 23:24 cgi-pub
and its contents:
drwxr-x--x 2 admin home 1024 Jan 19 23:24 .
drwxrwsr-x 10 nobody home 1024 Dec 02 05:32 ..
-rwxr-xr-x 1 admin home 3754 Jan 19 23:24 a-script.cgi
The virtual site can then call the script either of two ways:
1. http://www.thevirtualhost.com/cgi-pub/a-script.cgi
2. /cgi-pub/a-script.cgi
This is what I do, and it works a treat (even if I do say so myself...<self-congratulations>), preventing the other virtual hosts from viewing the source code and still allowing them to use the scripts. The other bonus is that they don't have to go through the installation and all that it invloves... you know, when they spend four hours to find out it should have ftp'd in ASCII !! <g>
With this solution you can make certain scripts globally available to 'selected' or 'all' virtual hosts !
Avoid putting your site specific scripts in the same directory for obvious reasons.
Sorry if this sounds a little patronizing (NOT Intended), but wanted to keep it simple and fully explained as others in the future may come across it and find it useful !
Hope this helps
Regards
Kul