 |
 |
 |
 |
 |
 |
|
MilkShake operates a highly secure CGI environment which protects your scripts and associated data files from the nosey eyes of other users on the web server. Because of this, some standard scripts may need slight modifications of file and directory permissions to those suggested by the script authors. This section is a guide to how to ensure all your CGI scripts run smoothly. Please also give this information to any third party developer who may be installing or writing CGI scripts on your behalf. You should note the following key information about CGI scripts on your Milkshake account: 1) Scripts can run from anywhere On your Milkshake Internet account CGI scripts may be located anywhere within your webroot. in other words anywhere within public_html or a sub directory thereof. Your don't have to run scripts from a cgi-bin directory, although for legacy code reasons you may create a cgi-bin directory if you wish. Many people prefer to create a directory called 'cgi' and place all their scripts in there, but this isn't essential either as you can place scripts wherever you please. 2) Scripts MUST be uploaded in ASCII format All CGI scripts must be uploaded via FTP in ASCII transfer mode, not in binary transfer mode, or else they will become corrupted and won't run. This is one of the commonest causes of script failure that we encounter, so always check that your CGI scripts are uploaded in ASCII transfer mode. This is usually easily set for most FTP clients. If using a publishing tool such as Dreamweaver, you'll probably want to configure the software so that all files with a .cgi or .pl extension are uploaded in ASCII transfer mode. NOTE: you cannot use ASCII transfer mode for all your web files, as images will corrupt if not uploaded in binary format. 3) Scripts MUST have the correct permissions Ensure your scripts are set as readable, writable and executable only by you - if you don't then the web server will not execute your CGI scripts. You must follow the following guidelines when setting permissions on CGI scripts:
Our servers will not run a CGI script which is deemed to have insecure or too open permissions. For this reason, setting a script up which can be executed or written by all users will result in a script which refuses to run. In general if a script's instructions tell you to change permissions to 777, you will almost certainly find that the script will not run. You should ignore the script's instructions and use 751 or 755 instead - it is safe to do so and indeed recommended as our method provides better security. Watch out in particular for directory permissions, these should always be set to 755. Please don't hesitate to email us if you have a script problem which
you feel is related to permissions or other server issues, we will do
our best to advise you on the best permissions for a script. We can't
of course support just any script, as scripts can vary in standard and
readablitiy, however we will certainly be able to rule out a server problem
and best advise on steps to take to try to get scripts working.
Path to Perl The path to Perl for all scripts written using the Perl language should be set at the very top of the script as follows: #!/usr/bin/perl Path to Sendmail Our mail server is Qmail which is a secure, fast and reliable alternative to the more standard sendmail software. However, where CGI scripts are concerned, Qmail does fully emulate sendmail as much as possible, so normally alterations to scripts should not be required. Our mail server can therefore be called from within a CGI script as: /usr/sbin/sendmail Qmail understands the commonly used sendmail options. PHP in CGI Mode If you wish to use PHP in CGI mode, to take advantage of the security
benefits, simply add the following line to the start of your PHP files: Using this method you can set the file name to .cgi instead of .php and
then set permissions to 751.
If you have a script named test.cgi, you would ensure that it had proper permissions by SSH'ing into your account, using the cd command to move into the directory containing the script and issuing the command: chmod 751 test.cgi Alternatively, use your FTP client to set permissions to 751, or read-write-execute for use only. To check this has worked, obtain a long directory listing using the ls -l command via SSH (or with an FTP client capable of showing file permissions). You should see something similar to this:
-rwx------ 1 andrew andrew 17519 Jan 20 2003 test.cgi (Note: bloggs is the account username in the above example. In reality your own username would appear there) The directory containing the script should be given the appropriate permissions as well. The correct permissions are normally set by default when you create a directory, but it's worth checking to be on the safe side. So, for the above example, assuming you are in the directory containing the test.cgi script, simply type: chmod 755 . Note the space and dot after the 755. This makes sure that files in this directory cannot be written to by anyone but yourself. |
