cgi-wrapper man page on DragonFly
Man page or keyword search:  
man Server   44335 pages
apropos Keyword Search (all sections)
Output format
DragonFly logo
[printable version] 
CGI-WRAPPER(1)							CGI-WRAPPER(1)

NAME
       cgi-wrapper - run CGI programs in a secured environment

DESCRIPTION
       The  CGI-wrapper can be used to run certain CGI programs with a differ‐
       ent userid then the webserver's userid. To function properly, the  CGI-
       wrapper binary needs the su-bit. To prevent abuse, it has the necessary
       security checks. The CGI-wrapper can only be executed by	 the  Hiawatha
       webserver. It uses the Hiawatha PID-file for this verification.

CONFIGURATION
       The   CGI-wrapper   can	 be  configured	 via  the  configuration  file
       /usr/local/etc/hiawatha/cgi-wrapper.conf.  The  following  options  are
       available:

       CGIhandler = <CGI handler>[, <CGI handler>, ...]
	      Normally,	 only  files  inside the WebsiteRoot will be executed.
	      CGI-handlers are usually not inside  this	 directory.  Use  this
	      option  to specify binaries that are outside the WebsiteRoot and
	      the CGI-wrapper is still allowed to execute.
	      Example: CGIhandler = /usr/local/bin/php4-cgi

       Wrap  =	<wrap_id>;<path>|~<username>;<userid>[:<groupid>[,  <groupid>,
       ...]]
	      Via a Wrap-entry, you can control the CGI-wrapper. The <wrap_id>
	      is used to 'bind'	 it  to	 a  virtual  host.  See	 CGIwrapId  in
	      hiawatha(1) for more information.
	      The  second  option  specifies the rootdirectory of the CGI pro‐
	      gram: it must be located with in this directory or  a  subdirec‐
	      tory.  Specifiy  a  complete  path or use the homedirectory of a
	      user + "/public_html/" by specifing it's username preceded by  a
	      '~'.  In case of a complete path, it's advisable to use the Web‐
	      siteRoot of the associated virtual host. When you specify a com‐
	      plete  path,  you can replace one slash by a pipe-sign. The part
	      before the pipe-sign will be used for chroot. Be	carefull  with
	      using  chrooted  CGI's in combination with UserWebsite and Alias
	      (see hiawatha(1) for more information about these options).
	      The last options are userid and groupid of the CGI  process.  If
	      the  groupid is omitted, it will be looked up in /etc/passwd and
	      /etc/group. The userid and groupid 'root' are not allowed here.
	      Example: Wrap = test;/var/www/testsite;testuser
		       Wrap = jail;/usr/local/jail|sites/public;1001:101

	      The CGI-wrapper needs Hiawatha's pidfile to work.

	      Using "CGIwrapId = some_id" and "Wrap =  some_id;~hugo;hugo"  is
	      the same as using "CGIwrapId = ~hugo".

       Most  of	 the  parameters  in  cgi-wrapper.conf	are already present in
       hiawatha.conf. The reason why they have to be specified again  and  why
       they  are  not being passed on by Hiawatha, is that when Hiawatha has a
       vulnerability, because of a bug in an external library  of  course  :),
       the  CGI-wrapper can't be used to execute every program on the disk. So
       it is done for a security reason.

SEE ALSO
       The CGI-wrapper is part of the Hiawatha webserver. See hiawatha(1)  for
       more information about Hiawatha.

AUTHOR
       Hugo  Leisink  <hugo@hiawatha-webserver.org> - http://www.hiawatha-web‐
       server.org/

								CGI-WRAPPER(1)
[top]

List of man pages available for DragonFly

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net