Help with basic CGI project?

Thu Jun 19 13:46:07 EDT 2008

Re:

> The cgi does not run as you, it runs as another user ("nobody" I think,
> but I'm not certain.) At any rate, the permissions for the stack are set
> to only allow you, the admin, to write to the file. You need to change
> that to allow anyone to write to the file.
> .......................................................................

Who does the CGI run as?

For Apache, this depends on how the http server has been set up.  It might
be "nobody" or it might be "apache" or whatever.  One way to tell is
by writing a CGI that creates a file, and then, look at the permissions
on the file that was created (amongst other methods).  I would suspect
that for other http servers, IIS etc., it may be a similar 'configured
at set up time, but most people accept the defaults' kinda thing.

Here is a comment from the /etc/httpd.conf file on the server I happen
to be on at the moment  (this apache config file might not be in /etc
on all other systems, you may be able to do a locate command to find it,
if you have permissions).

     # If you wish httpd to run as a different user or group, you must run
     # httpd as root initially and it will switch.
     #
     # User/Group: The name (or #number) of the user/group to run httpd as.
     #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
     #  . On HPUX you may not be able to use shared memory as nobody, and the
     #    suggested workaround is to create a user www and use that user.
     #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
     #  when the value of (unsigned)Group is above 60000;
     #  don't use Group #-1 on these systems!
     #
     User apache
     Group apache

So notice that the user and group is set in this file.  On another server
I just looked at, it's also set to user "apache", but the file was in

/etc/httpd/conf/httpd.conf

On the server I'm on, where it so happens there are permissions available,
I just ran this CGI:  (please pardon the lack of comments, and credits,
this was shamefully borrowed a long long time ago)

............................cut here.....................
#!/usr/local/bin/mc
# This MetaTalk script loops over all the environment variables
# set by the server when it runs a CGI application printing out
# its name and value.
on startup
  # loop over all of the global variables, getting name and value
  repeat for each item i in the globals
    put i && "=" && value(i) & return after tBuffer
  end repeat
  # write minimal set of HTTP headers to stdout
  read from stdin until empty
  put it after tBuffer
  put "Content-Type: text/plain" & cr
  put "Content-Length:" && the length of tBuffer & cr & cr
  put tBuffer

  put "touch /tmp/foobar"  into commandString
  set shellCommand to "/bin/sh"
  put shell(commandString) into tBuffer
  put tBuffer
end startup
............................cut here.....................

The file it created looks like this with ls -al /tmp/foobar

-rw-r--r--  1 apache apache 0 Jun 19 10:39 /tmp/foobar

Make sense?

Hope it helps!
Sadhu