cgi_wrapper

Langue: en

Version: 110701 (mandriva - 01/05/08)

Section: 1 (Commandes utilisateur)

Sommaire

NAME

cgi_wrapper

DESCRIPTION

The CGI wrapper is part of the Hiawatha webserver. See hiawatha(1) for more information about Hiawatha.

CGI WRAPPER

The CGI wrapper can be used to run certain CGI programs with a different userid then Hiawatha's userid. It replaces the HostId option in previous versions. To function properly, the CGI wrapper binary needs the su-bit. To prevent abuse, it has the necessary security checks. As a result, the CGI wrapper can only be executed by Hiawatha. Via the configuration file (/etc/hiawatha/cgi_wrapper.conf), you can specify what the CGI wrapper is allowed to execute.

The following options are available:

CGIhandler = <CGI handler>[, <CGI handler>, ...]
Specify the CGI handlers the CGI wrapper is allowed to execute.
Example: CGIhandler = /usr/bin/php4-cgi
Wrap = <wrapid>:<path>|~<username>:<userid>[:<groupid>[, <groupid>, ...]]
Via a Wrap-entry, you can control the CGI wrapper. The <wrapid> is used to 'bind' it to a virtual host. See CGIwrapId for more information.
The second option specifies the rootdirectory of the CGI program: it must be located with in this directory or a subdirectory. Specifiy a complete path or use the homedirectory of a user + "/public_html/" by specifing it's username preceded by a '~'. In case of a complete path, it's advisable to use the WebsiteRoot of the associated virtual host. When you specify a complete path, you can replace one slash by a pipe-sign. The part before the pipe-sign will be used for chroot.
The last options are userid and groupid of the CGI process. If the groupid is omitted, it will be looked up in /etc/passwd and /etc/group.
Example: Wrap = test:/var/www/testsite:testuser
         Wrap = jail:/usr/jail|sites/public:1001:101

The CGI wrapper needs Hiawatha's pidfile to work.

Using "CGIwrapId = some_id" and "Wrap = some_id:~hugo:hugo" is the same as using "CGIwrapId = ~hugo".

KNOWN BUGS

When the CGI wrapper is being used, the webserver will not log the correct HTTP code that has been sent to the client. Instead of the correct HTTP code, a 200 will be written in the access logfile.

SEE ALSO

hiawatha(1)