CGIWrap - Frequently Asked Questions

Administrative Questions

I am getting the error about the server userid.

CGIwrap needs to be configured with the userid that your web server is running as. For apache based servers, this is the userid that is listed on the "User" line in httpd.conf. You specify this when configuring CGIWrap using the --with-httpd-user option.

I am getting the error "Can't ... ". How can I fix this?

CGIwrap needs to be installed set-uid to root. Log in as root, change to the server's cgi-bin directory, and issue the commands:

	chown root cgiwrap
	chmod 4755 cgiwrap

How do I use CGIwrap with server side includes

This is not supported by all web servers, but with Apache, use:

	<!--#include virtual="/cgi-bin/cgiwrap/user/script...."-->

One of the problems is that this often is a security hole unless you can enable server side exec/virtual include only of executables that are in ExecCGI capable directories. Some people have made patches that will allow this to work. Ask on the list for details.

I am getting the error "setgroups() failed!". What is wrong?

This occurs when CGIwrap is unable to set auxilliary groups. Auxilliary groups are groups that a user is a member of in /etc/group, that are not the user's primary group in /etc/passwd. Two things you can do here are to make sure CGIwrap is installed correctly (has to be setuid root to be able to set auxilliary groups.), or disable setting auxilliary groups.

ld.so.1: /net/bin/perl: fatal: /usr/lib/libintl.so.1: can't map file: errno=12

This indicates that you installed cgiwrap with resource limiting (with rlimit support) but the limits are set too low. There isn't enough memory for perl to load. Keep in mind that unix applications usually use alot of virtual memory, even though their resident size is small.

How do I get PHP to work with cgiwrap

Here is an informal how-to I wrote after I set up cgiwrap and php recently. Much thanks goes to Nathan Nuelinger for the pointing out the decisive step of compiling with --enable-discard-path.

Download cgiwrap and set that up. I already had cgiwrap set up to wrap cgi scripts, but I did upgrade to the latest version. Get this working first with some simple cgi script tests. (BTW: Options you may find helpful include --with-cgi-dir and --with-httpd-user)

Download the latest version of php and configure it as a cgi binary, not as a module. Basically, if you run ./configure with no options, php will be compiled as a cgi binary. (To set it up as an apache module, which you don't want to do if you want to wrap your scripts, you have to explicitly say ./configure --with-apache.)

Before you compile php, however, and this is crucial, configure php with the option --enable-discard-path which allows you to move the php binary out of the web tree and into /usr/local/bin (which adds security), but more importantly it allows you to use php with cgiwrap properly.

To summarize, you need to run ./configure --enable-discard-path plus any other options you may desire, and place the php binary in /usr/local/bin.

Finally, you need the #!/usr/local/bin/php line at the very top of every php script you write. Then call the php script with cgiwrap exactly as you would call a cgi script. For example:

//https://yourdomain.com/cgi-bin/cgiwrap//

User Questions

I am getting a 500 Server Error, how can I debug my script?

CGIwrap supports a debugging mode which can help to debug scripts. To use it, call CGIwrap via the URL https://.../cgiwrapd/... instead of https://.../cgiwrap/....

I am getting the error execv() failed

This generally results from either having the wrong path to perl, or having control-M's after the path to perl. This is usually a result of uploading the script in binary mode instead of ascii. You can fix this by re-uploading the script in ascii mode, or using vi/perl/etc. to get rid of the control-M's in the file.

For some situations, simply adding " -- " to the end of the first line of the script will cause the error to go away, sometimes not.

How do I use cgiwrapd on a Cobalt RaQ?

cgiwrapd is still there, it just isn't directly obvious how to use it. If you normally call your script as

//https://www.site1.com/test.cgi

you can call it as

//https://www.site1.com/cgiwrapDir/cgiwrapd/test.cgi

to run it under cgiwrapd. Basically they ScriptAlias "cgiwrapDir" to the directory where cgiwrap is installed.