Penn Engineering CETS Answers

CGI Scripts on alliance.seas and fling.seas

The Common Gateway Interface (CGI) is a protocol designed to pass information from the browser to the server, and back again. A CGI program is executed to output dynamic information. CGI programs can be written in several different languages, the most common being Perl and PHP. We run PHP 5.

Registration is required to use CGI

Note: If you need CGI enabled for a class, please check with your TA. Usually we enable CGI on all student accounts in a class when we get a request from the TA or professor.

Registration is required to use CGI. If you would like CGI enabled on your account, please answer the following questions and send them to cets@seas.upenn.edu with your request for CGI to be enabled.

  1. For what course or SEAS activity is the CGI used?
  2. Who is actively maintaining it?
  3. Who is the target audience for the CGI?
  4. Will the CGI be password protected, or will it be available to the world?
  5. Briefly, what does your web application do?

How to check if CGI is enabled on your account

  1. Make sure you have a working webpage in your html directory.
  2. Check http://fling.seas.upenn.edu/~youraccount where youraccount is your account name.
  3. If you can view your index.html page, CGI is enabled on your account.

CGI on Fling.seas & Alliance.seas

Note: fling.seas was previously referred to as "fling-l.seas".

Fling.seas and Alliance.seas are the latest CGI web servers at SEAS. Scripts on Fling.seas and Alliance.seas are protected by the Apache suEXEC facility.

Local logins on Fling and Alliance have been disabled. You can create and/or modify your scripts by accessing your SEAS home directory on eniac.seas.upenn.edu via ssh or sftp.

Not all home directories will be available on Fling and Alliance. Only the home directories that have CGI enabled will be available (on the machine on which CGI is enabled).

Fling and Alliance are identical machines with the same configurations. Alliance.seas is for production sites and services run by faculty and staff. Everyone should use Fling.seas for experiments and development.

How to get your CGI script up and running

1. If you haven't done so, register your account for CGI.

2. Scripts need to be run in the correct directory. In order to make your CGI scripts accessible to the web server running on Fling.seas or Alliance.seas you must install them under one of the following directories:

  • $HOME/html/cgi-bin
  • $HOME/html/dynamic
  • $HOME/html/wiki

Remember that, as for regular web pages, your home directory, html directory, and any directories down the tree to your script (including your cgi-bin directory) must all be world-executable in order to access the contents via the web. Here is how to make a cgi-bin directory, starting from your home directory:

cd html
mkdir cgi-bin
chmod a+x ~ ~/html ~/html/cgi-bin

3. Scripts need the proper file extension and shebang line. Perl scripts have to have a.cgi or.pl file extension. PHP scripts need to have a .php file extension. Files that are executed need to have the correct filename extension and shebang line as the first line of the script:

Perl / CGI scripts should start with the following shebang line: #!/usr/bin/perl

PHP scripts should start with the following shebang line: #!/usr/local/bin/php

Included files that are not directly executed do not need the shebang line and can use other extensions like inc.

4. Permissions & groups need to be set correctly. The permissions on your CGI script need to be owned and executable by the owner of the directory. Other group and world permissions will work, but in general it is safest to just use the minimum permissions unless you have specific reasons for doing otherwise. To do this, move to the directory where your script is stored and use the Unix chmod command:

chmod 700 scriptname

The script only needs to be readable and executable by the owner (chmod 500 or chmod o+rx) to run. You probably want to add write permission for yourself to make it easier to update the program (chmod 700 or chmod u+rwx). Only add additional permissions if you intend to share the file with other people who have SEAS accounts.

The script, the script directory, and the sub-directory in which the script directory is located must all have the same userid and groupid. If the error log is complaining about incomplete headers, check the group IDs.

5. Run dos2unix or mac2unix for files created in Windows or MacOS. If you create your file in Windows or Mac OS before uploading them, you may need to run dos2unix or mac2unix in a unix shell on a SEAS unix machine to convert the end of line characters. To do so, go to the directory that holds your script and run the following command.
For Windows files:

dos2unix scriptname

For Mac OS:

mac2unix scriptname

6. Test for syntax errors by running at the command line. By running your script at the command line, you will see the errors generated by PHP or Perl. To run your script at the command line, go to the directory that contains the script you want to run and type:

./scriptname

7. How to access your script. After installing your CGI scripts, you will be able to access them through a URL of the following form:

Fling.seas
http://fling.seas.upenn.edu/~username/cgi-bin/scriptname
Alliance.seas
http://alliance.seas.upenn.edu/~username/cgi-bin/scriptname
where username would be replaced by your SEAS username and scriptname would be replaced with the path of the script you wish to access.

Other Guidelines

1. You can't use symlinks to execute CGI scripts.

2. CGI write permissions. By default, CGI scripts execute with the same privileges as the user account they are being run from. Therefore, CGI scripts can write to directories or files as long as the user account it's in has write permissions for the directory or file.

Code Review Service

If you have any questions about the security of your code, or would just like another pair of eyes looking for vulnerabilities, CETS offers a code review service. Please send us an email if you are interested.

Before the code review, please review the Fling/Alliance policy article.

Troubleshooting CGI issues

First, run the Manage Web Page tool on your accounts page to check your permissions:

  1. Login to the Configure your SEAS Account page.
  2. On the left navigation bar, click the "Manage Web Page" tool.
  3. On the next page, click the first bullet item entitled "Configure my SEAS account for web pages".
  4. Click the "Continue" button to start the check. It may take a few minutes for the script to run.
  5. The results page will tell you have any permission problems.

Problem: You don't have a cgi-bin directory.
Solution: Your cgi-bin (or wiki or dynamic) directories are not created automatically. See the explanation above for more information.

Problem: CGI is enabled on your account, but scripts aren't running correctly.
Solution: This could be caused by a number of different issues:

  1. Follow the directions above to check whether CGI is enabled for your account.
  2. Check the permissions on your directories are correct by using the Manage Web Page tool on your accounts page.
  3. Verify that your script has the correct permissions.
  4. Make sure you are running your script from from fling or alliance - more information.
  5. Verify you have the correct shebang line in your script.
  6. If your script was created in Windows or Mac OS, run dos2unix or mac2unix on the script.

Problem: All of the items listed above appear to be correct, but my script is still not working.
Solution: You may have a problem with your code, so we are going to check to make sure php is working correctly in your account. If you currently have a "index.php" script in your cgi-bin directory, please remove it or rename it. Run the Manage Web Page tool on your accounts page to create a test index.php file. Now run the file by visiting this URL in your favorite browser (if you are running CGI on Alliance, change "fling" to "alliance"):

http://fling.seas.upenn.edu/~username/cgi-bin/index.php

If PHP is working correctly, you should see the text "Sample CGI PHP Script".

Problem: Your browser doesn't display error messages when you try to troubleshoot your script.
Solution: Try running the script at the command line to see the full output, including any errors.

© Computing and Educational Technology Services cets@seas.upenn.edu 215.898.4707