Virtual Web Server Directories and File Permissions
There are four directories important to the operation of your virtual web
server: cgi, logs, web, pw and tmp.
-
- /cgi is where you should store and run your cgi scripts from
-
- /logs is where your access and error logs are stored
-
- /web is where you should store your .html and graphics files
-
- /pw is used for User Authentication password files
The permissions for these directories are set when created and should not
be tampered with. If you have accidently changed the permissions of your
directories, a little work will be needed to restore them to what they
should be.
The directories that appear in your folder are actually links to directories
elsewhere. They have a location that follows a standard format.
That standard format will be given for each directory shown below.
However, you will need to determine a couple directory coordinates.
The first coordinate is a single hexadecimal digit (0-9 and a-e).
The second coordinate is two hexadecimal digits. To see what they
are, run a pwd from your home directory. The output will show something
like
/u/home/8/1A/[login]/www.[domain.com]
The third and fourth directories are where you will find your coordinates.
Please note these, as they will be crucial. We will refer to these
coordinates as x and yy throughout this document. For
example, the above example would be expressed as /u/home/x/yy/[login]/www.[domain.com].
Now, to reset the permissions, you will need to use the following commands.
- Your web directory should be permission 0750.
chmod 0750
/u/home/x/yy/[login]
- Your pw directory should be permission 0710.
chmod 0710
/u/web/http/pw/x/yy/www.[domain.com]
- Your cgi directory should be permission 0710.
chmod 0710
/u/web/http/cgi/x/yy/www.[domain.com]
- Subdirectories beneath your web directory
should be permission 0755.
chmod 0755
/u/home/x/yy/[login]/subdir
* Your web files
should be permission 0644.
chmod 0644 filename
5 -rw-r--r-- 1 login login
4607 May 13 12:24 index.html
* cgi-bin programs
should permission 0750.
chmod 750 cgi-filename
14 -rwx------ 1 login login
12322 May 13 12:00 mail*
* data files
your cgi program needs to read from should be permission 0400
chmod 400 filename
1 -r-------- 1 login login
46 May 13 12:28 mail.list
* files your
cgi program needs to read from AND write to should be permission 600
chmod 600 filename
1 -rw------- 1 login login
46 May 13 12:28 datafile
* If you install
an htpasswd file in your pw directory, the permissions for that should
be set to 0644.
chmod 0644 filename
1 -rw-r--r-- 1 login login
5 May 19 14:44 .htpasswd
CGI /tmp Usage Tips & Suggestions
The /tmp directory is, of course, a good place to store files temporarily,
and if you need some kind of temporary file in a cgi program that you've
written, here are some tips:
There's a link named 'tmp' in your home directory that points to a directory
just for you named /tmp/login (replacing the 'login' part with your virtual
web login name). By using this tmp file for CGI temporary files, you help
to keep the /tmp directory more orderly, and help prevent the possibility
that your temporary files will collide with another virtual web's. Since
/tmp gets cleaned up occasionally, your CGI should first test for the existance
of your /tmp subdirectory first, just to be safe. If it doesn't exist,
the CGI should create it: (perl example, remember to run CGIs that write
as setuid, as described in the "Virtual Web Server Directories and File
Permissions" bulletin...)
if ( ! -d '/tmp/login')
{
mkdir('/tmp/login', 0700);
}
name the temporary file uniquely. Even though you have one cgi, it's
still possible/probable that the cgi will need to run side-by-side with
itself. A good way to accomplish this is to name the file with the PID
number in the filename. (Perl and shell variable: $$, C function: getpid())
It's also a good idea to add some unique id to the filename for every different
cgi you have that creates temporary files; for example if you had cgi's
named c1 and c2, you could begin the temporary file filename with 'c1-'
or 'c2-' and append the PID number.
Have your cgi's clean up after itself by removing the temporary file
before ending the program.
Those Pesky Control-M's
A common problem with cgi scripts, especially for those new to writing
them on unix machines as opposed to dos or similar operating systems is
that UNIX separates lines with linefeeds (Control-J's) and DOS separates
with a carriage-return and a linefeed (Control-M Control-J).
In normal HTML editing, this is not a problem, since the web server
handles line separation both ways. However, when working with Perl or Shell
scripts, it's very important that lines are terminated UNIX style.
Here's why...
The first line of a perl or shell script indicates what program is needed
to interpret the script. For example:
#!/usr/local/bin/perl
indicates that the script needs to be interpreted by perl. If the lines
are separated by Control-M Control-J's, the system thinks it reads...
#!/usr/local/bin/perl^M
...which isn't on the system. When an html calls the cgi, you'll get
a server error.
To clear out those extra control-M's:
tr -d '\015' < cgifile
> tempfile
mv tempfile cgifile
For information about htaccess files, please read our htaccess file basics page.
For more information on CGI programming, click here.
For a source of ready-made CGI scripts, click here.
