By default, CGI scripts running on our server execute as the web user www; this user has no special permissions. Thus, the directory in which the script resides must be world-searchable, the script must be world-executable, and files read or written by the script must be world-readable or world-writable.
In certain applications, you may prefer that a script execute with your Unix account permissions so as to access protected data. We provide a "Secure CGI" mechanism for doing this.
Warning: Please carefully weigh your need for this feature against the security risks of a script running with the full permissions of your user account. You are responsible for the use of that account, whether by your own hand, by someone using a workstation where you left yourself logged in, or by someone exploiting a poorly written script which you have made available on the Web. You may wish to review our policies.
The basic guidelines for setting up a secure CGI script are:
- Full script pathnames should contain only printing ASCII characters. They should not contain relative path components.
- Script directories should be searchable by the owner and have the same owner/group as the script file. They should not be writable by anyone other than the owner.
- Script files should be a regular file (not a symlink), be executable by the owner and have the extension ".scgi". They should not be setuid or setgid or writable by anyone other than the owner.
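The guidelines above amount to a checklist you can run against a script before publishing it. The following is an added example, not the server's own Secure CGI checker: a POSIX shell script that audits one pathname against each rule (absolute path, no relative components, graphic ASCII only, ".scgi" extension, regular non-symlink file, owner-executable, no setuid/setgid, not group- or world-writable, and a directory that is owner-searchable, not writable by others, and owned by the same user and group as the script). It assumes `find`, `ls`, `awk`, `dirname` and `grep` are available; it checks only the directory the script resides in, and it treats "printing ASCII" as the range 0x21-0x7E, so spaces are rejected (an interpretation, not something the page states).

```shell
#!/bin/sh
# Added example (not the server's own tooling): audit a Secure CGI script
# against the guidelines above. Exit status 0 means every check passed,
# 1 means at least one failed; each failure is reported on stderr.

# perm_has FILE OCTAL: true if FILE has every permission bit in OCTAL set.
# `find -prune` tests the named file itself without descending into it.
perm_has() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# owner_group FILE: prints "owner:group" as reported by ls -ld.
owner_group() {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# Record a failed check; $path and $ok are set by check_scgi.
fail() {
    echo "FAIL: $path: $1" >&2
    ok=1
}

check_scgi() {
    path=$1
    ok=0

    # Pathname rules: absolute, no "." or ".." components, and only graphic
    # ASCII (0x21-0x7E; spaces are treated as disallowed, an assumption).
    case $path in /*) ;; *) fail "not an absolute path" ;; esac
    case "/$path/" in */./*|*/../*) fail "contains a relative path component" ;; esac
    if printf '%s' "$path" | LC_ALL=C grep -q '[^!-~]'; then
        fail "contains a non-printing or non-ASCII character"
    fi
    case $path in *.scgi) ;; *) fail "extension is not .scgi" ;; esac

    # Script file rules.
    [ -L "$path" ] && fail "is a symbolic link"
    if [ ! -f "$path" ]; then
        fail "is not a regular file"
        return 1
    fi
    perm_has "$path" 100  || fail "not executable by owner"
    perm_has "$path" 20   && fail "writable by group"
    perm_has "$path" 2    && fail "writable by others"
    perm_has "$path" 4000 && fail "setuid bit set"
    perm_has "$path" 2000 && fail "setgid bit set"

    # Directory rules, applied to the directory the script resides in.
    dir=$(dirname "$path")
    perm_has "$dir" 100 || fail "directory not searchable by owner"
    perm_has "$dir" 20  && fail "directory writable by group"
    perm_has "$dir" 2   && fail "directory writable by others"
    [ "$(owner_group "$dir")" = "$(owner_group "$path")" ] \
        || fail "directory owner/group differs from the script's"

    return "$ok"
}

# Usage: sh check_scgi.sh /home/user/public_html/cgi/hello.scgi
[ $# -eq 0 ] || check_scgi "$1"
```

Run it with the full pathname of the script as the single argument; an empty report and a zero exit status mean the file and its directory satisfy every rule in the list. Because the checks test permission bits rather than whether the current user can access the file, the result is the same whoever runs the audit.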
Other notes:
- Non-parsed-header scripts may be used with the usual nph- prefix.
- Access control directives (in a .htaccess file) will not work for a .scgi script. Normally, this is not a problem, since the script is typically the action associated with a form in a .html file, which can be access controlled. Of course, the script is at liberty to implement any authentication for itself that it chooses.