Indiana University

IU Webmaster

Converting Existing CGI Scripts

Table of Contents

Introduction
If you are currently executing CGI scripts from your cgi-bin directory, you should convert them to run out of your www directory as soon as possible. The older method of executing CGI scripts from your cgi-bin directory, including the use of CGIwrap, is being phased out in January 2001 for www.iupui.edu, and was phased out in the spring of 1999 for www.indiana.edu.

Because the newer method of using CGI scripts on IU and IUPUI's central Web servers runs scripts with the permissions of the script owner, using CGI essentially allows people (most of whom otherwise do not have access to our Web server) to run a program on the Web server as you. For this reason, your scripts do not need to be (and should not be) group or world readable, writeable, and executable. For more information, see "Running as Owner" below.

Return to Top of Page
Instructions for Converting Your Scripts
To convert your scripts to work with the new method of CGI execution on the IU or IUPUI's central Web server (www.indiana.edu or www.iupui.edu):

  1. Move the script to your www directory or any subdirectory of your www directory.

  2. Name your script so that it has either a .cgi or a .pl extension (e.g., myscript.cgi, newscript.pl). Scripts without one of these extensions will not run.

  3. Set the permissions of the script to read, write, and execute for the owner only (the script will not run if it is writeable by group or other). To do this, move to the directory where your script is stored and use the Unix chmod command:

      chmod 700 scriptname

    For more information on the chmod command, log into your web account, and at the Unix prompt, type: man chmod.

  4. Update any links on pages that call your CGI script to reflect the new URL for your script (see "Your Script's URL" below). Be sure to update the <ACTION> field of any forms that reference your CGI script.

  5. Test your script to make sure it is working properly.

Return to Top of Page
Running as Owner
On IUB and IUPUI's central Web servers (www.indiana.edu and www.iupui.edu), CGI scripts execute with the permissions of the script owner (you); this is quite different from many Web servers that run CGI scripts with the permissions of the Web server account.

The authors of many of the CGI scripts available on the Internet recommend that you make world readable and writable any files that your CGI script reads from or writes to. Do not follow this advice for CGI scripts that you run on the university's central Web servers. Your script executes with your permissions, so it can read and write to your files without having to make these files world readable or writeable.

On the contrary, you should remove world read and write privileges on these files to help prevent them from being maliciously overwritten or deleted.

Return to Top of Page
Your Script's URL
The URL (Web address) for your CGI script is similar to the URLs for your static Web pages:

    http://www.indiana.edu/~username/subdirectory/scriptname for IUB users
    http://www.iupui.edu/~username/subdirectory/scriptname for IUPUI users

      where:
      ~username is the name of the account that owns the script.
      subdirectory is the path, if any, from your www directory to your script.
      scriptname is the name of your CGI script (including the .cgi or .pl extension).

Return to Top of Page
Restricting Access to Your CGI Script
To restrict access to your CGI script, you'll need to set up a .htaccess file, as you would for any of your Web pages. For more information on setting up .htaccess files on the central Web server, see the Webmaster's Controlling Web Page Access page.

Return to Top of Page