CGI

CGI

CGI stands for “Common Gateway Interface,” and it’s the code behind forms on the World Wide Web. If your service plan includes Form Support, your account will be activated for CGI.

 Safeport provides customers with a general form submission script, available upon request: support@safeport.com.

Programs allowing remote use of your site by other websites or spam email are not allowed and will be removed. (Please see CGI Security Issues below).

About UNIX Permissions

When coding CGI scripts you must make sure that your scripts have the correct access permissions. Access permissions are the way that most UNIX systems implement system security: all you need to know for the purposes of CGI scripting is that the permissions involve individual users and groups which can be composed of multiple users. Scripts must be globally executable and readable, but not globally writable. If access permissions are too broad, the scripts will not execute. Only you should be allowed to change your scripts!

To use WinSCP (a free secure FTP see our downloads page) to change file permissions, start WinSCP and load your Safeport saved session. If you scroll to the right in the right hand pane you will see “Rights,” “Owner,” and “Group” headers. By right clicking on the “Rights” associated with your CGI script and clicking on Properties, you will have the option of changing file permissions by selecting or unselecting check boxes. CGI scripts must have the X checked under Owner to work properly (X stands for executable and tells the web server that the file may be executed as a script).

If you ssh to your UNIX shell account using your Safeport account name and password, you will also be able to check file permissions using UNIX. The following command will show you the permissions on your script:

ls -l myscript

After you run this command, you will see:

-rwxr-xr-x 1 myaccount myaccount 1067 Jan 21 23:54 myscript.cgi*

The -rwxr-xr-x part refers to file permissions. Usually, your script will be uploaded with only your account having read/write access, and you will need to use the following command to correct the permissions:

chmod a+rx myscript.cgi

If you are using WinSCP, you may use the view function to examine the script without downloading it. If you are using windows to develop your script make sure you select the proper mode so that your FTP program will convert the script to Unix format.

Directories and Permissions

If your account name is myaccount then you have the following directories:

home directory: /home/myaccount

This directory contains configuration files for standard programs that are used with a UNIX shell. This directory is “owned” by the user (myaccount) and must be globally readable. The correct UNIX permission “code” is drwxr-x-r-x

website directory: /home/myaccount/htdocs

This directory is “owned” by the user and belongs to the group apache or www. Belonging to a special group prevents other local users from being able to view your files. This directory contains the base directory of your website (the document root) and any support files the website might require. Files in this directory should have permissions of -rw-r—–. Files that are accessed only through CGI scripts may have more restrictive permissions of -rw——- so that they may only be accessed by the user.

website root: /home/myaccount/htdocs/mydomain.com

This directory contains the website, i.e., the HTML and graphic files that visitors to the site see. These files must be owned by myaccount and belong to the group myaccount. The files must be globally readable. Any data files used by programs run by the site must have access restricted to myaccount.

CGI directory: /home/myaccount/htdocs/cgi-bin

This directory is optional. If you prefer CGI scripts may be placed anywhere in the document tree (under htdocs). CGI scripts must:

  • Be named script.cgi. That is the first program invoked from an HTML file must be so named.
  • It must be owned by myaccount and be executable.
  • It must be a Unix file.

General Information for Perl

Safeport’s operating system is FreeBSD.

The location of Perl on our server differs depending on the version of FreeBSD. To be use the shell command: which perl to determine the proper location.

Mailto should be directed to: “/usr/sbin/sendmail”

All Perl scripts must be written in ASCII mode. Some programs, such as WordPerfect, MSWordPad and MSWord, leave hidden characters to indicate line endings and tabs, so you will need a programming editor to author and edit your scripts.

When uploading Perl scripts, make sure you use the ASCII mode on FTP transmissions. Binary mode can add hidden characters that will break your script.

CGI Security Issues

We at Safeport want to make sure that our customer’s accounts remain secure. Our web servers are upgraded on a continual basis to protect our system, but some CGI scripts can open loopholes for hackers, violating our security policies. CGI scripts will be reviewed for security vulnerabilities in order to protect your account. If you are new to programming CGI, you should visit:

in Unix Basics