CGI Security Documentation

CGIWrap User Instructions

This page explains how a user can set up an account to execute CGI scripts through CGIWrap. It assumes you already understand the basics of writing CGI scripts and creating HTML documents for the web, and it focuses on the practical account-level steps needed to place scripts in the right directory, assign permissions, and call them with the correct URL.

In shared Unix environments, those setup details matter. A script may be correctly written but still fail if the directory layout, permissions, or execution URL are wrong. These instructions are intended to give users a simple path from account setup to successful CGI execution and debugging.

Basic Account Assumptions

In the instructions below, the following example account details are assumed. These are only examples, but they make the setup process easier to explain in a realistic way.

  • UserID: joe
  • Home Directory: /users/joe
  • Web documents are served from the user's public_html area.
  • CGI scripts will live inside a cgi-bin directory beneath that web area.

Create the CGI Directory

If you do not already have a cgi-bin directory set up, create one inside your account. In the common CGIWrap layout, that directory lives under ~/public_html.

1Move to your home directory
cd ~joe
2Create the public_html directory if needed
mkdir public_html
3Create the CGI directory
mkdir public_html/cgi-bin

Once this structure exists, you have the usual starting point for CGIWrap script placement. If your local server uses a different layout, the administrator may have customized the path, but this is the common arrangement assumed by the distributed documentation.

AFS Environments

If you are using AFS, you will also need to set the correct AFS permissions on the directories. Standard Unix filesystem permissions are not the whole story in that environment, so review Use of CGIwrap with AFS for the permission details required to make CGIWrap function correctly.

Install the Script and Set Permissions

After your CGI directory exists, install the script into that directory and assign the proper execution permissions. The exact script name may vary, but the basic pattern looks like this:

4Copy the script into your CGI directory
cp script.pl ~joe/public_html/cgi-bin/script.pl
5Make the script executable
chmod 755 ~joe/public_html/cgi-bin/script.pl

At this stage, the file is in the expected place and has execution permissions set. That does not guarantee the script itself is correct, but it does mean the account-level CGIWrap setup is moving in the right direction.

Normal Execution URL

The script is executed using a CGIWrap URL that points to your userid and the script name. A typical URL pattern looks like this: 

https://SERVER/cgi-bin/cgiwrap/joe/script.pl

Replace SERVER with your actual host name and adjust the script name if needed. This is the normal execution path for a user-owned CGI script under CGIWrap.

Debugging URL

If you want to see debugging output for your CGI script, specify cgiwrapd instead of cgiwrap. This returns debug-oriented output that is often much more useful when you are trying to figure out why a script is failing. 

https://SERVER/cgi-bin/cgiwrapd/joe/script.pl

NPH Script URLs

If the script is an nph- style script, you may need to use one of the NPH CGIWrap variants instead. These are typically used when a script sends its own complete headers or when response handling needs to be less filtered. 

https://SERVER/cgi-bin/nph-cgiwrap/joe/script.pl
https://SERVER/cgi-bin/nph-cgiwrapd/joe/script.pl

In practical terms, the main pattern is simple: place the script in the correct directory, make it executable, use cgiwrap for normal execution, use cgiwrapd for debugging, and switch to the NPH variants only when your script specifically requires that style of output handling.