This document demonstrates how to install and use CGI scripts as a user on this server.
The information in this demo about the links used to invoke CGI scripts applies to Version 1 and 2 servers only. If you are on a Version 3 server (a recently created
account), you will find CGI link information in the email that was issued when your account was created.
The use of suid and tilde (~) references in URLs for linking is a legacy feature that has been deprecated on Version 2 servers. It will still work, but you should use
direct linking (http://yourdomain.com/cgi-bin/script.cgi) to invoke scripts.
Example
User jdoe's cgi script: my script
The script is called demo.cgi and is stored in the cgi-bin directory in his home directory
(/home/jdoe/cgi-bin/demo.cgi). The URL used to invoke it
is:
http://www.he.net/cgi-bin/suid/~jdoe/demo.cgi
Ingredients
- The user CGI script: demo.cgi
Be sure to mark your CGI script executable. To do this, telnet to he.net,
log in, and move to your cgi-bin by typing:
cd cgi-bin
and then mark your script executable by typing:
chmod 755 demo.cgi
Be sure to transfer your script with your FTP client in text mode if it is a Perl,
Tcl, or shell script. This will ensure the end-of-line characters are translated
appropriately. Unix uses LF (linefeeds) to indicate the end of lines, the Mac uses CR
(carriage returns), and DOS uses CR LF pairs at the end of lines.
- The set user id CGI script: suid
suid is installed in the master cgi-bin of the server and allows you to invoke your
CGI scripts. Your CGI scripts are run with your user id and have access to all of the files you have access to.
suid expects your CGI scripts to be in a directory named cgi-bin in your home directory.
To invoke nph (non parsed header) CGI scripts use nph-suid instead.
- A link which references the user CGI script:
<a href="http://www.he.net/cgi-bin/suid/~jdoe/demo.cgi">my
script</a>
This link first makes use of suid and then specifies the user cgi-bin and
script to run by the /~jdoe/demo.cgi appended after it.
Important: The link which references your CGI script must contain the name of
the server your account is on. For example, if your account was rflyer on
thor.he.net, the link to reference your CGI script might look like this:
<a href="http://thor.he.net/cgi-bin/suid/~rflyer/demo.cgi">my
script</a>
Security And Performance Issues
There are a number of security issues involving CGI scripts which go beyond the scope
of this document. Properly used, CGI scripts can provide powerful flexibility with limited
performance impact. Hurricane Electric imposes a few requirements and conditions on the use of
CGI scripts:
- Source Available For Inspection
If your CGI script is a compiled program (for example, one written in C)
you must keep the source on the server.
- Respect For Server Resources
Your CGI script must not create performance problems on the server.
A simple guideline for what is reasonable is the load imposed by imagemap or cgiemail.
- Your Scripts Are Run As You
Because your scripts run as you, they have the potential to create, modify, or delete
files in your home directory. You are completely responsible for what they do. To
protect yourself, avoid dynamically passing file names that the script will use to create,
modify, or delete files. In general, the safest CGI scripts are ones that only generate
output. Next safest are ones that generate output and modify a specific file which is
specified at compile time.
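One way to follow the last guideline, shown as an added example (not Hurricane Electric's code): a C CGI program that treats request data only as content and appends it to a single file named at compile time. The file name guestbook.txt, the 200-character limit and the function names are assumptions made for illustration.

```c
/* demo.cgi source (added example): appends request text to ONE file whose
   name is fixed at compile time. DATA_FILE and MAX_ENTRY are assumed values. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

#define DATA_FILE "guestbook.txt"  /* assumed name, relative to the working directory */
#define MAX_ENTRY 200              /* assumed cap on stored characters per request */

/* Copy src into dst, keeping printable ASCII only, so request data cannot
   put newlines or control characters into the file. A NULL src gives an
   empty string. Input that does not fit is truncated.
   Returns the number of characters kept. */
size_t clean_entry(const char *src, char *dst, size_t dstsize)
{
    size_t n = 0;
    if (dstsize == 0) return 0;
    for (; src && *src && n + 1 < dstsize; src++)
        if (isprint((unsigned char)*src))
            dst[n++] = *src;
    dst[n] = '\0';
    return n;
}

/* Append one line to path. main() passes DATA_FILE here, never request
   data. Returns 0 on success, -1 on failure. */
int append_entry(const char *path, const char *entry)
{
    FILE *f = fopen(path, "a");
    if (!f) return -1;
    int ok = fprintf(f, "%s\n", entry) > 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

int main(void)
{
    char entry[MAX_ENTRY + 1];
    /* QUERY_STRING supplies content only; it never selects the file. */
    size_t n = clean_entry(getenv("QUERY_STRING"), entry, sizeof entry);

    printf("Content-type: text/plain\r\n\r\n");
    if (n == 0)
        printf("Nothing to record.\n");
    else if (append_entry(DATA_FILE, entry) == 0)
        printf("Recorded %lu characters.\n", (unsigned long)n);
    else
        printf("Could not write the data file.\n");
    return 0;
}
```

Because this is a compiled program, the source must stay on the server alongside the binary, as the first requirement above states.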