1. CHMOD How do I set permissions?

2. How can I stop my CGI script reading and writing files as "nobody"?

3. How do I password protect a folder or members section using htaccess?

4. I can't get my CGI script to work. HELP!!

5. I need a perl module!

6. What is the path to perl?

7. What version of Perl do you support?

What is chmod?
chmod means to give files or folders permissions. Unix requires it in granting access to read write or execute in a folder or file namely the cgi's and perl scripts.

The easiest way to give a file permission is to use WS_FTP as outlined in the FTP section of this knowledge base to do
it. You can also use telnet but this requires more knowledge. We prefer most to use WS_FTP for this function. All you need to do is highlight the file or folder on the server, rightclick, choose chmod(unix), and then check the
appropriate check boxes.

read = 4
write = 2
execute = 1

That's a total of 7. Now you just need to check the boxes. But wait, there are three groups! Owner, Group, and Other, for a total of 777. So when a script says give me chmod 755 we're checking all the boxes for Owner, and the read and execute boxes for Group and Other.
Pretty easy eh? Its just a numbers racket. §:-)

[-Back To The Top-]

CGI scripts are run by the HTTPD, and therefore by the UID of the HTTPD
process, which is (by convention) usually a special user "nobody".

There are two basic ways to run a script under your own userid:
(1) The direct approach: use a setuid program.
(2) The double-server approach: have your CGI script communicate
with a second process (e.g. a daemon) running under your userid,
which is responsible for the actual file management.

The direct approach is usually faster, but the client-server architecture
may help with other problems, such as maintaining integrity of a database.

When running a compiled CGI program (e.g. C, C++), you can make it
setuid by simply setting the setuid bit:
e.g. "chmod 4755 myprog.cgi"

For security reasons, this is not possible with scripting languages
(eg Perl, Tcl, shell). A workaround is to run them from a setuid
program, such as cgiwrap.

In most cases where you'd want to use the client-server approach,
the server is a finished product (such as an SQL server) with its
own CGI interface.

[-Back To The Top-]

Restricting Access to Your Files and Directories via HTAccess Authentication

This tutorial covers Basic user authentication using HTAccess. Authentication denies web access to files, unless the visitor has a valid username and password. This
feature allows webmasters, like yourself, to restrict access to certain directories. The usernames and encrypted passwords are kept in a webmaster-maintained file.

You will need the following basic skills:

An ability to Telnet into your Server using the provided telnet account..
A very basic working knowledge of the Unix shell commands (cd, mkdir, etc.) Once in you may type help at the prompt for a complete list of commands.

Let's suppose you want to restrict files in a directory called turkey to username pumpkin and password pie. Here's what you do:

With any text editor (e.g. notepad), create a file called .htaccess. The file should look like this: Obviously substitute the user name in the example below with your user name and make certain that you have already created the folder called turkey on your server or the folder name you need to password protect and also substitute the turkey dorectory in the path below with yours..


AuthUserFile /usr/www/htdocs/username/turkey/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic

<LIMIT GET>
require user pumpkin
</Limit>


FTP your new .htaccess file to the directory turkey on your server.

In the above .htaccess file,
AuthUserFile points to the directory which contains the password file. In this case, we named the password file, .htpasswd. AuthUserFile must specify the full Unix
pathname of the password file. The full server the full path would be,
/usr/www/htdocs/username/turkey/.htpasswd. For this example, we chose to place the .htpasswd in the turkey folder and the htaccess in the same folder.. Note that the password file can be placed in any folder just as long as the paths are correct in the htaccess file. Simply FTP the .htaccess file in the turkey folder.

AuthGroupFile: In this case there is no group file, so we specify /dev/null (the standard Unix way to say "this file doesn't exist").

AuthName can be anything you want. The AuthName field gives the Realm name for which the protection is provided. This name is usually given when a browser
prompts for a password (i.e. the Authentication Dialog Box pops up). It is also usually used by a browser in correlation with the URL to save the password information
you enter so that it can authenticate automatically on the next attempt to enter the restricted directory. Note: You should set this to something, otherwise it will
default to ByPassword, which is both non-descriptive and too common.

AuthType should be set to Basic, since we are using Basic HTTP Authentication. Other possibilities for NCSA HTTPd 1.5 are PEM, PGP, KerberosV4,
KerberosV5, or Digest. A discussion of these types of authentication can be found if you do a search on any search engine.

Now lets create a password file....

Next, create the password file, which in this case is .htpasswd.

The easiest way to do this is to use the htpasswd program distributed with NCSA HTTPd.

To do this, telnet into the server, and change to the turkey directory providing that you already created the directory perhaps through an FTP program first.
Once into your account via telnet, at the command line, type:

cd www/turkey

then type
htpasswd -c /usr/www/htdocs/username/turkey/.htpasswd pumpkin

It will then prompt you for a password you want to use..

Next, you type the password, which is this example is pie. Again press the enter key. You will be prompted to enter the password again for verification. The the file is created in the turkey folder.

If you view the resulting .htpasswd file, it should look like this or similar:

pumpkin:y1ia3tjWkhCK2

The carachters next to the word pumpkin are encrypted to stand for the password "pie" :)))

Important Note: be sure that the file path and the filename are the same in both the .htaccess file that you create and in the htpasswd file that you create.

That's it. Any files that you place in your turkey directory now require Basic Authentication to access. Now when you try to access this directory, your browser should demand a username and password. Enter pumpkin in the username field, and pie in the password field. If you are using a browser that doesn't handle authentication, you will not be able to access the document
at all.


Note, also, that the .htaccess file restricts access to any sub directory of the directory in which the .htaccess file resides. Hence, any visitor requesting
~/turkey/nextdirectory would be presented with an authentication request, unless ~/turkey/nextdirectory had a .htaccess file of its own.

Note that to add more users in the future, use the htpasswd program again but without the -c switch: For example,
htpasswd /usr/www/htdocs/username/turkey/.htpasswd bob
will add username "bob" to your .htpasswd file.

To delete users, open the .htpasswd file in a text editor and delete the appropriate lines. You will need to use the -al command to view the hidden file in the folder. You can do that via an FTP client like WSFTP or CUTEFTP

[-Back To The Top-]

Here are some tips on CGI:

*Scripts must be made
executable with chmod 755 filename

*Any script must end
in .cgi to ensure execution.

*Scripts that don't
respond with Content Type tag as first line, must be named nph-Scriptname.cgi
. The nph- stands for non-parsed-headers.

*Perl 5 is located
at /usr/bin/perl you may also try /usr/local/bin/perl

perl 4 is at /usr/bin/perl4.036 , make sure the first
line has this right.

*Perl scripts will
REFUSE to run if uploaded in binary from a non-unix computer. Make sure
you upload scripts in ascii mode only!!!

Perl 4 scripts usually
will need to have any @ or $ escaped with \ character to be perl 5 compatible.
ie print "webmaster\@yourdomain.com"

The directory cgi-bin
is reserved for our shared cgi directory. Your cgi(s) are called from
your cgi-bin with an alias. This is the only way the server can distinguish
between the main cgi-bin and the cgi-bin in your /www/htdocs directory.

In order to get a cgi script to function in your cgi-bin there is something you should be aware of. It is called Apache Aliasing. The way the system is setup, when someone clicks a link to get to your script and have the script execute, Apache on our network must find your account. It does this by looking for your user name attached to your account so it can find the cgi-bin.

Let use an example here a script called test.cgi

You would first place the test.cgi in your cgi-bin
and in an html document you create a link so that users can execute it. The link would look like this. Re[place username with yours of course.
http://yourdomain.com/cgi-username/test.cgi

Apache will automatically look for your user name and find the testcgi in the cgi-bin on your v-server.

In the test.cgi script itself there is a couple request for paths as in most all scripts they are the http path and the server path to your bin

the server path to the script in your cgi-bin is
/usr/www/htdocs/username/cgi-bin/test.cgi
the http is
http://yourdomain.com/cgi-username/test.cgi

Sometimes in an html document the POST ACTION is used the path to the cgi-bin in a post action is
/cgi-username/test.cgi remember username is replaced with yours.


You have other options as well... You can place .cgi scripts anywhere. If the script resides outside the cgi-bin somewhere else on your v-server you can reference it directly
http://yourdomain.com/otherdirectory/test.cgi
the above example is if you have the test.cgi in another directory which could be named anything you want.

For any of the above you MUST assign file permissions either using telnet or do what most do and use an FTP program such as WSFTP which is available for download from our private FTP site ftp://besthost1.com/pub/

If using an ftp client simply right click on the filename to chmod it the proper permissions. A chmod menu should be available when doing the right click on a file or folder.

1 More important notation. any .pl extension MUST be placed in the cgi-bin. Only .cgi's can be used anywhere else on your server outside the cgi-bin.


We hope this short tutorial has been very informative and will assist you in setting up your scripts.


For a complete instruction on doing CHMOD setting permissions refer to the SETTING PERMISSIONS portion of this FAQ GROUP

[-Back To The Top-]

You can install the module to any directory you want
and then add a line in your script:

use lib /path/to/library;

You have to mention this alternate directory during
the installation process using a switch --

perl Makefile.PL INSTALLSITELIB=/path/to/library

or something similar to that.

[-Back To The Top-]

Perl 5 is located here at #!/usr/local/bin/perl some scripts may use #!/usr/bin/perl If you need perl 4, you will need to reference it this way in your script... /usr/bin/perl4.036 .cgi will work in or out of the cgi-bin Please refer to aliasing if you place the .cgi in the cgi-bin Aliasing is NOT required if you place the .cgi outside the cgi-bin. Please note that all .pl files MUST reside in the cgi-bin using aliasing OR if you need to have the .pl in a separate directory, you MUST first create a folder called cgibin (note there is no dash) Place the .pl in the newly created folder and reference it directly. No aliasing required.

 Alternatively you can Telnet in to your account and use whereis perl command etc

perl5.004_04
and of course earlier versions for backwards compatibility.