You may run CGI programs on Alcor. Please remember that
you are held entirely responsible for the results of any CGI programs
Users may run CGI programs on Alcor only through the intermediary of
cgiwrap, a program which ensures that your programs run as your
user ID, and thus have access only to those files your account can
To install and invoke your CGI program, you need to:
Some additional notes:
- Make a subdirectory called "cgi-bin" under your www subdirectory.
- Place your CGI scripts and programs in this cgi-bin subdirectory.
(Your program may be a symbolic link to another executable, if
- Make sure your CGI scripts are executable by your own account; it
is not necessary that they be readable or executable to anyone
else, since they will run with your user ID.
- Make sure that all the programs and facilities used by your
program are available under the
chroot environment; check in /public/usr/bin and
/public/local/paths. If you need a program that is not
available, post a request to the newsgroup
concordia.dept.iits.help (but please be
aware that there's no guarantee that your request will be fulfilled).
- You may now invoke the program with the url:
- You can use "cgiwrapd" instead of "cgiwrap" in the URL example
above; this inserts some debugging information above your script
- If a file is present in your www/cgi-bin directory,
and is executable by you, then anyone can cause it to run
under your userid, simply by invoking a Web browser
with the url described above. Therefore, don't install a file
unless you're sure that it's OK for it to run under your account.
- If your program does not put a "Content-Type" header into its
output, you can use "nph-cgiwrap" (or the corresponding
"nph-cgiwrapd" for debugging) instead of "cgiwrap", and the
header will be added for you.
- Unlike the Web server software (httpd), cgiwrap follows
symbolic links. Remember, though, that it cannot follow links
which point outside /public.
- Cgiwrap does not use .htaccess files; the CGI programs
installed in your www/cgi-bin directory are not protected by any
.htaccess files which may exist in that directory or its
parents. If you want to do access control on your CGI
scripts, you'll have to insert it specifically.
- If you want one of your scripts to send e-mail, try
It is important to be aware of security issues surrounding CGI
programs. By installing a CGI program in the web area of your account
(i.e., in your www/cgi-bin directory), you are permitting anyone on
the Internet to run that program on Alcor, with the privileges of your
account. If you make (or the author of the script you install makes)
a programming error which creates a security hole, anyone on the
Internet may be able to execute arbitrary commands on Alcor (under
the chroot), with the privileges of your account.
You are responsible for such activities, so practice
safe CGI programming.
Here are a few documents on CGI security:
If you know how to program, you can read the crash introduction to CGI
CGI Made Really Easy.
A more complete reference on CGI programming is the
CGI programming FAQ.
Finally, we have made available the
CGI.pm perl module.