CGI Programs

Basics and File Locations

CGI Programs are programs that execute and then create dynamic web content. They can create HTML pages, images, audio or video files, pretty much anything that you can put on the web.

CGI Programs can be written in virtually any scripted or compiled language. We provide many languages for your use in CGI program creation. No matter which language you use, CGI programs must have an extension of ".cgi" and must be executable at least by the owner. Also, for Apache to correctly determine the file type, it should be world-readable.

     chmod 544 file.cgi

CGI programs must be placed in a directory called "cgi-bin" which resides within your "public_html" directory. You can create this directory online using the following commands.

     cd ~/public_html
     mkdir cgi-bin
     chmod 755 cgi-bin

It is also possible to create this directory with a standard ftp client by first logging into ftp.eskimo.com with your username and password, and then issuing the following commands.

     cd public_html
     mkdir cgi-bin

In the case of ftp, when you log in with your username and password, you will already be in your home directory. When you use mkdir within ftp, it will create the directory with the correct permissions.

How CGI Programs Are Called

If your site is a user site under our domain with a URL like "http://www.eskimo.com/~user", then your CGI program would be called as "http://www.eskimo.com/~user/cgi-bin/program.cgi".

There is also a system cgi-bin directory in which CGI programs that we make available can be accessed. Programs in this directory are called as follows, "http://www.eskimo.com/cgi-bin/program.cgi".

If you have a virtual domain, your CGI programs would be called as follows, "http://www.example.com/~user/cgi-bin/program.cgi".

System cgi-bin programs under your virtual domain would be called as follows, "http://www.example.com/cgi-bin/program.cgi".

Scripted Languages

Perl

Perl is by far the most prevalent scripted language used for CGI programs. On Eskimo, the path to perl is "/usr/bin/perl". It is presently version 5.10.1, built with multi-thread support. Unlike perl4, there is no separate taintperl; instead, perl is called with -T to provide this capability.

All perl CGI programs must start with:

     #!/usr/bin/perl

CGI programs requiring taintperl should start with:

     #!/usr/bin/perl -T

Perl Documents               URL
Perl Homepage                http://www.perl.org/
Perl Articles (O'Reilly)     http://www.perl.com/
Comprehensive Perl Archive   http://www.cpan.org/
Perl Mongers                 http://www.pm.org/

There is also an online manual you can access from the shell command prompt by typing, "man perl".

Python

Python is available for web scripting (and other uses). The path to python is "/usr/bin/python". The version of python installed here is version 2.4.4.

Python CGI scripts should be mode 544 and must start with:

     #!/usr/bin/python

Python documentation can be found at http://www.python.org/doc/.

There is also an online manual you can access from the shell command prompt by typing, "man python".

Ruby

Ruby is available for web scripting (and other uses). The path to ruby is "/usr/bin/ruby". The version installed here is ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux].

Ruby CGI scripts should be mode 544 and must start with:

     #!/usr/bin/ruby

Ruby documentation can be found at http://ruby-doc.org/ and http://www.ruby-lang.org/en/documentation/.

There is also an online manual you can access from the shell command prompt by typing, "man ruby".

Compiled Languages

CGI programs can also be written in any of the supported compiled languages. Any compiled programs must be created on shellx.eskimo.com or other 64-bit Intel platforms running CentOS 6 Linux. Any programs developed offsite should be extensively tested, as it can't be guaranteed that the libraries and utilities available on your system are the same as those available here.


Warning

CGI programs execute with your permissions. If there is a flaw in your program that is exploitable remotely, your files and website may be damaged.

Many shared hosting sites execute all code under a common user ID. In that situation, a flaw in any user's code can result in damage to all users' websites. Here, where each user's website executes under its own user ID, only your own code can expose your own website.

Programs should be very careful to eliminate any "../" back references, wildcard or regular expression references to filenames or commands, and references to files or commands starting at "/". Care should also be taken to make sure input does not overflow input buffers.
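
One way to apply these checks in a Perl CGI program run with -T, as an added example rather than code supplied by Eskimo. The "page" parameter name, the directory path, the ".txt" restriction and the 64-character limit are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: serve a text file named by the "page" query parameter,
# accepting only plain file names that live in one fixed directory.
use strict;
use warnings;
use CGI;

# Assumption: hypothetical directory holding the files that may be served.
my $DOC_DIR = '/home/user/pages';

# Return an untainted file name, or undef if the input is not acceptable.
sub safe_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Allow-list: letters, digits, "_" and "-", followed by ".txt".
    # Anything containing "/", "../", wildcards (* ? [ ]), shell
    # metacharacters or NUL bytes fails to match, and so does input
    # longer than 64 characters before the extension.
    # The capture ($1) is what clears the taint flag on the value.
    return $1 if $raw =~ /\A([A-Za-z0-9_-]{1,64}\.txt)\z/;
    return undef;
}

my $q    = CGI->new;
my $name = safe_name(scalar $q->param('page'));

unless (defined $name) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain');
    print "Invalid page name.\n";
    exit 0;
}

# Three-argument open: the name is only ever treated as a file to read,
# never as an open mode or a command pipe.
my $path = "$DOC_DIR/$name";
if (open(my $fh, '<', $path)) {
    print $q->header(-type => 'text/plain');
    print while <$fh>;
    close $fh;
} else {
    print $q->header(-status => '404 Not Found', -type => 'text/plain');
    print "No such page.\n";
}
```

The pattern lists what is allowed instead of trying to strip out what is dangerous, so a request such as page=../../.profile or page=/etc/passwd gets the 400 response without the program ever building a path from it.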


Eskimo North • P.O. Box 55816 • Shoreline, WA 98155 • Tel: 206-812-0051 • Toll Free: 800-246-6874