Basics and File Locations
CGI Programs are programs that execute and then create dynamic web content. They can create HTML pages, images, audio or video files, pretty much anything that you can put on the web.
CGI Programs can be written in virtually any scripted or compiled language. The web server is currently an Ubuntu-based system. Consequently, if you use a compiled language for CGI, your program should be compiled on ubuntu.eskimo.com, an Ubuntu-based shell server. We provide many languages for your use in CGI program creation. No matter which language you use, CGI programs must have an extension of “.cgi” and must be executable at least by the owner. Also, for Apache to correctly determine the file type, it should be world-readable.
chmod 544 file.cgi
CGI programs must be placed in a directory called “cgi-bin” which resides within your “public_html” directory. You can create this directory online using the following commands.
cd ~/public_html
mkdir cgi-bin
chmod 755 cgi-bin
It is also possible to create this directory with a standard ftp client by first logging into ftp.eskimo.com with your username and password, and then issuing the following commands.
cd public_html
mkdir cgi-bin
In the case of ftp, when you login with your username and password, you will already be in your home directory. When you use mkdir within ftp, it will create the directory with the correct permissions.
How CGI Programs Are Called
If your site is a user site under our domain with a URL like “http://www.eskimo.com/~user”, then your CGI program would be called as “http://www.eskimo.com/~user/cgi-bin/program.cgi”. You can make your CGI web page appear to be somewhere other than cgi-bin on your website by using .htaccess to map the desired URL to the physical location.
There is also a system cgi-bin directory in which CGI programs that we make available can be accessed. Programs in this directory are called as follows, “http://www.eskimo.com/cgi-bin/program.cgi”. This is mostly used for programs that have system constants such as mail-back scripts.
If you have a virtual domain, your CGI programs would be called as follows, “http://www.example.com/~user/cgi-bin/program.cgi”.
System cgi-bin programs under your virtual domain would be called as follows,
Perl is by far the most prevalent scripted language used for CGI programs. On Eskimo, the path to perl is “/usr/bin/perl”. It is version 5.10.1 presently and built with multi-thread support. Unlike perl4, there is no separate taintperl; instead, perl is called with -T to provide this capability.
All perl CGI programs must start with:
CGI programs requiring taintperl should start with:
Perl Articles (O’Reilly)
Comprehensive Perl Archive
There is also an online manual you can access from the shell command prompt by typing, “man perl”.
Python is available for web scripting (and other uses). The path to python is “/usr/bin/python”. The version of python installed here is version 2.4.4.
Python CGI scripts should be mode 544 and must start with:
Python documentation can be found at http://www.python.org/doc/.
There is also an online manual you can access from the shell command prompt by typing, “man python”.
Ruby is available for web scripting (and other uses). The path to ruby is “/usr/bin/ruby”. The version installed here is ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux].
Ruby CGI scripts should be mode 544 and must start with:
There is also an online manual you can access from the shell command prompt by typing, “man ruby”.
CGI programs can also be written in any of the supported compiled languages. Any compiled programs must be created on ubuntu.eskimo.com. It is recommended that any compiled CGI program developed off-site be recompiled here before use in order to ensure compatibility with the system libraries provided here.
CGI programs execute with your permissions. If there is a flaw in your program that is exploitable remotely, your files and website may be damaged.
Many shared hosting sites execute all code under a common user ID. In that situation, a flaw in any user’s code can result in damage to all users’ websites. Here, where each user’s website executes under its own user ID, only your own code can expose your own website.
Programs should be very careful to eliminate from their input any “../” back references, wild card or regular expression references to file names or commands, and references to files or commands starting at “/”. Care should also be taken to make sure input does not overflow input buffers.
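The checks described above, as an added example that is not part of the original page or Eskimo's own code: a CGI script validates a file-name parameter against an allow-list and a length cap, then confirms the resolved path stays inside its data directory. It is written for a current Python 3 rather than the 2.4.4 interpreter listed above; the names file_param, resolve_in and DATA_DIR, the parameter name “file” and the size caps are assumptions.

```python
import os
import re
from urllib.parse import parse_qs

MAX_QUERY = 1024   # assumed cap on the whole query string
MAX_NAME = 64      # assumed cap on one file-name parameter
# Allow-list: letters, digits, dot, dash, underscore; must not start with a dot.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*\Z")


def file_param(environ, key="file"):
    """Return the validated file-name parameter from a CGI environment."""
    query = environ.get("QUERY_STRING", "")
    if len(query) > MAX_QUERY:
        raise ValueError("query string too long")
    # parse_qs percent-decodes first, so "%2e%2e%2f" is checked as "../".
    values = parse_qs(query, keep_blank_values=True).get(key, [])
    if len(values) != 1:
        raise ValueError("expected exactly one %r parameter" % key)
    name = values[0]
    if len(name) > MAX_NAME:
        raise ValueError("file name too long")
    # Rejects "/", "../", wildcards (* ? [ ]), spaces and shell metacharacters.
    if not NAME_RE.match(name) or ".." in name:
        raise ValueError("file name contains characters that are not allowed")
    return name


def resolve_in(base_dir, name):
    """Join name to base_dir and confirm the result is still inside base_dir."""
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, name))
    # realpath follows symlinks, so a link pointing outside base is caught here.
    if os.path.commonpath([base, path]) != base:
        raise ValueError("path escapes the data directory")
    return path


if __name__ == "__main__":
    # Constructed sample requests; DATA_DIR is a hypothetical directory.
    DATA_DIR = "/tmp/cgi-data"
    for qs in ("file=report.txt", "file=../../etc/passwd", "file=/etc/passwd",
               "file=%2e%2e%2fsecret", "file=*.txt", "file=" + "A" * 200):
        try:
            name = file_param({"QUERY_STRING": qs})
            print(qs[:30], "->", resolve_in(DATA_DIR, name))
        except ValueError as err:
            print(qs[:30], "-> rejected:", err)
```

Validation runs on the decoded value, and the containment check runs on the resolved path, so neither encoding tricks nor a symbolic link inside the data directory bypasses the rules.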