PDA

View Full Version : Wrapper - subdomain



engine
07-05-06, 16:36
Bodhost.com hosting comes with the simple cgi wrapper which enables cgi scripts to run under the user id, rather than as the webserver. However, when activated in the control panel this creates a scgi-bin directory in the root public_html directory only. Is there any way to set the wrapper up for a subdomain (i.e. create public_html/sub_domain/scgi-bin)? Obviously it's possible to simply place the few scripts requiring such rights in the root scgi-bin folder even for subdomains, but I'd prefer not to have files from different subdomains mixed together if at all possible.

Thanks,

Enigma

bodhost.com
07-06-06, 02:55
When you add a subdomain from control panel, a cgi-bin is created by default in directory of that subdomain. You can put your scripts for respective subdomain name in that particular cgi-bin.

engine
07-06-06, 04:43
Thanks for your reply.

The problem is that scripts placed in the subdomain's cgi-bin are run by the webserver under its own user id (user: nobody). Since this is different from the user id of the owner of the site and in a different group if any of the scripts need to write to the filesystem the directories written to must be world writable. The simple CGI wrapper wraps scripts so that they run under the user id of the site owner, not of the webserver. This way directories that are written to need only be user writable, not world writable.

bodhost.com
07-06-06, 05:42
Scripts that you upload remain under your ownership but the scripts generated by some other script in your account is generated under ownership of nobody. If you have problems with the ownership of nobody then you should contact our helpdesk immediately to get your ownership on those scripts as ownership of nobody and permission 777 is open invitation to hackers / crackers to play and modify contents of those scripts.

engine
07-06-06, 06:11
I don't think you're quite understanding my issue.

Suppose we have the following website directory structure (with unix permissions shown):

[d] 755 website/
[d] 755 public_html/
[d] 755 cgi-bin/
[f] 755 root-domain-script.cgi
[d] 755 scgi-bin/
[f] 755 root-domain-wrapped-script.cgi
[d] 755 subdomain/
[d] 755 cgi-bin/
[f] 755 subdomain-script.cgi
[d] 755 safe-user-writable-folder/
[d] 777 unsafe-world-writable-folder/
And the cgi scripts are identical perl scripts containing the following code (forgive me if the perl is incorrect - I'm not that experienced with it - but the intent should be clear):

#!/usr/bin/perl -w

open(SAFEFILE, ">", "/website/public_html/subdomain/safe-user-writable-folder/temp");
open(UNSAFEFILE, ">", "/website/public_html/subdomain/unsafe-world-writable-folder/temp");

while (read (STDIN, $LINE, 4096))
{
if (SAFEFILE)
{
print SAFEFILE $LINE;
}
if (UNSAFEFILE)
{
print UNSAFEFILE $LINE;
}
}
close (SAFEFILE);
close (UNSAFEFILE);

exit(0);

Now root-domain-script.cgi will successfully create the file /website/public_html/subdomain/unsafe-world-writable-folder/temp, but will fail to create the file /website/public_html/subdomain/safe-user-writable-folder/temp. This is because scripts, regardless of who owns the script file, are run by the webserver and therefore are run by default with the webservers user id, which is "nobody" and "nobody" does not have permission to write to the folder safe-user-writable-folder.

This situation is exactly the same for subdomain-script.cgi.

root-domain-wrapped-script.cgi however will run not with the webserver user id but with the script owner's user id, thanks to simple CGI wrapper, and will therefore successfully create both files.

What I would like is to be able to have a directory structure like:

[d] 755 website/
[d] 755 public_html/
[d] 755 cgi-bin/
[f] 755 root-domain-script.cgi
[d] 755 scgi-bin/
[f] 755 root-domain-wrapped-script.cgi
[d] 755 subdomain/
[d] 755 cgi-bin/
[f] 755 subdomain-script.cgi
[d] 755 scgi-bin/
[f] 755 subdomain-wrapped-script.cgi
[d] 755 safe-user-writable-folder/
With the additional scgi-bin directory and subdomain-wrapped-script.cgi in the subdomain folder.

engine
07-06-06, 10:23
Strangely my script seems to be working now even when I move it out of the scgi-bin directory, which I can't explain.

bodhost.com
07-06-06, 14:28
Probablly you have code in your .htaccess to allow cgi scripts to execute outside cgi-bin. If you wish to execute cgi scripts outside cgi-bin then you add following code to your .htaccess :-

Options +ExecCGI
AddHandler cgi-script cgi pl