CGI Advanced Guide

1. Setting up SSH access using PuTTy

2. Common things to do in shell

• a. Check the path of your current directory
• b. Check the path to your "home" directory
• c. List files in your current directory
• d. Moving into a (lower) sub-directory
• e. Moving into a (higher) parent-directory
• f. Create a folder
• g. Remove a file
• h. Remove a folder
• i. log out of the server

3. Advanced CGI server settings

• a. File and directory ownership
• b. File permissions
• c. Directory permissions
• d. Command Line CHMOD
• e. FTP CHMOD
• f. Shell Connections

4. Operating system
5. Using PHP and Perl

• a. General PHP information
• b. Writing scripts

6. Shell access

• a. Test server

7. Temporary storage
8. Rewrite engine
9. 'C' and other compilers

Advanced CGI Guide

This guide provides information for using the CGI service. It covers how to use shell access for setting up CGI scripts. There is also more advanced information about how the CGI platform operates, which is directed mostly at experienced users. See Advanced CGI Server settings.

To use your CGI service you will need to use a telnet or SSH client program. We recommend that you use PuTTy, which is free to download. Download PuTTy SSH Client

1. Setting up SSH access using PuTTy

1. Run the putty.exe program.
2. Type in the Host Name for your CGI space - cshell.plus.net
3. Make sure the Port is set to 22 (the default for SSH access).
4. Protcol should be set to SSH.
5. To save your settings add a name for your connection such as "Plusnet CGI" in the Saved Sessions line.
6. Click Save.
7. Click Open to start using your CGI space. A Shell window will open and you will be prompted for your CGI username and password.

You can check the required settings for Telnet/SSH access to your shell account.
[Top]

2. Common things to do in shell

a. Check the path of your current directory
On the command line, type:
pwd


This command stands for Print Working Directory. It is useful if you are installing a cgi application, such as a blog or forum that requires you to provide file paths during setup.
[Top]

b. Check the path to your "home" directory
On the command line, type:
cd;pwd


The home directory is where all your cgi files and folders are stored. You should see a path with the following format -
/files/home1/username or /files/home2/username or /files/home3/username.
[Top]

c. List files in your current directory
Use the ls (list) command
On the command line, type:
ls


You will be shown a list of the files and directories in the directory you are currently viewing.
[Top]

d. Moving into a (lower) sub-directory
Use the cd (Change Directory) command
On the command line, type:
cd (directory name)


If there is a directory called logs located in the directory you are currently viewing, you would type -
cd logs to view inside it.
[Top]

e. Moving into a (higher) parent-directory
Use the command cd again
On the command line, type:
cd ..


This will move you up to the next directory level. You can view directories outside your home directory, although you will not be able to read or change any of the files there.
[Top]

f. Create a folder
To create new folders on the CGI server you use the mkdir command.
On the command line, type:
mkdir (new directory name)


[Top]

g. Removing files
To remove a file from the server, you use the remove (rm) command:
On the command line, type:
rm (file name inc extension)


[Top]

h. Remove folder
To remove a folder from the server, you need to replace rm with rmdir.
Note that rmdir only works if the directory is empty.


[Top]

i. Leaving the server
When you are finished on the shell server, you can use the exit command to log out.
On the command line, type:
exit


"logout" will briefly appear on the screen and the window should close.
[Top]

3. Advanced CGI Server settings

a. File and directory ownership
The base ownership of files and directories are as follows: Owner: your username Group: nogroup These ownerships (particularly the 'group' ownership) need to be kept intact for any files and scripts you want to be accessible via the web. [Top]

b. File permissions
The base permissions you need on a file is chmod 740.
Running scripts on the CGI platform will depend on setting the appropriate file attributes, these are the properties of each file that decide who can do what with the file.

Incorrect setting of file permissions is a very common cause for CGI scripts to not work as expected - or to generate error messages. Always double check file permissions.

All files on the CGI server have an 'owner' and belong to a 'group'. There will be a set of attributes that decide what the owner of the file can do, a set of attributes that decide what group members can do, and finally, a set of attributes that decide what everyone else can do.

• Owner permissions - access permissions that apply to the file's owner.
• Group permissions - Access permissions that apply to all users in the files group.
• Other permissions - Access permissions for any user who is not the file's owner or a member of the files group.

Each of the above sets has three possible permissions. These are -

Read - Read the file

Write - Write to the file

Execute - For a script this means it can be run, for a directory, files within it can be accessed.

A program called CHMOD (an abbrieviation of change mode) is used to change file permissions.
For making PHP files executable we have provided a script called fixphpperms to help.

There are two ways of using CHMOD.

1. Using text commands in your cgi shell, which is preferred by experienced programmers.
2. Using the CHMOD feature of an FTP client, faster for the less experienced user, but it is easier to make mistakes.

c. Command line CHMOD
Navigate to the directory containing the files or directories for which you want to set permissions.
On the command line type -
chmod (user)=(permission) (filename)

user values
u - the owner
g - group
o - other
a - all (same as saying ugo)

permission values
r - read
w - write
x - execute

example:
On the command line, type:
chmod u=x file.pl
Sets the the execute permission for the file owner.

On the command line, type:
chmod a=rwx
Sets read, write and execute for all users.

For more information on using CHMOD, read the online manual by using the following command in your shell.

• 1. Type man chmod
• 2. Click enter

[Top]

d. FTP Client CHMOD
Within your FTP program, navigate in your "remote" window to the directory that contains the files for which you need to set permissions. All FTP programs may work slightly differently, we use CuteFTP as an example -

1. Left-click (highlight) the file you want to set permissions for
2. Right-click on the file to bring up the file menu
3. Choose "Change File Attributes"
4. Tick the permissions you want for each type of owner
5. Click OK when you have finished.

Note the Manual box provides a numerical version of the set permissions, this consists of a number between 0 and 7 for Owner, Group and All.
Permission 755 indicates full permissions for the Owner, with just Read and Exectute permissions for Group and Other.
[Top]

e. Directory permissions The base permissions you need on a directory is chmod 750.
Additionally, a special bit is set on the group permission that ensures all files you create in the directory are group-owned by the group nogroup. If this special bit is removed, files under that directory will be owned by the wrong group and you won't be able to access the contents via a web browser.

Due to a security restriction which protects the system from published hacking attempts, you will NOT be able to add this bit back by yourself.
[Top]

f. Shell connections If you wish to use SSH to connect to the shell service, and your client supports different SSH protocols but does NOT use SSH2 by default, you must manually set your client to use SSH2 only. Attempts to use SSH1 will result in a "permission denied" error.
[Top]

4. Operating system

Our CGI uses a Debian operating system. Debian is a very stable and secure OS, which offers a highly sophisticated package maintenance system. At the heart of the platform's security is the 'Jail' type Vserver mechanism. This has the ability to limit the functions available to any rogue user wanting to harm the system. Potential damage to the platform is then only limited to a small area, protecting other users.
[Top]

5. Using PHP and Perl

a. General PHP information
PHP, along with all other forms of CGI runs as an executable program.. The reason for this is mod_php can not be used when you need scripts to run in a per-user context (that is, run a script as the user themselves). This means that PHP files now need to be executable for them to work (perl, python etc files have always required this). See our Beginners Guide to PHP

Because of the way Linux works, PHP files can't be automatically created with the execute permissions set. For PHP files to work, they need to be executable both by the user, and by the group ownership (hence a base permission of 440 above) - this is easily done with the chmod utility. However, we have created a script on the shell server to help out.

This is called fixphpperms.sh and lives in /usr/local/bin. It can fix a single file, all files and subdirectories from the current directory, or ALL php files in your homespace.

Here is how it looks when run with no parameters:
cshell02:/# fixphpperms.sh
fixphpperms.sh - a script to add user executable bit to .php files you own
On the command line, type:
fixphpperms.sh (where)

(where) values (indicating the location in which php files will be fixed)
-c - php files in your current directory AND all subdirs
-r - php files from your homedirectory down
-s - php files in your current directory only

example:
fixphpperms.sh -s
Will fix all .php files that are located in your current directory.
[Top]

b. Writing scripts
User's scripts can write directly to the user's CGI space.

This means that you can protect your own areas with secure chmod settings. This prevents user's scripts from accessing other user's areas. It also limits the impact of any exploitable CGI scripts to only the area of the affected user, not all user's areas.
[Top]

6. Shell access

To maintain overall security shell access is no longer available for compiling or installing directly onto the live CGI platform. However a test server is available.

a. Test Server A separate test server for shell and home directory access is available to use. This provides a more secure way to compile and install programs in your own home directory and then test them on the live platform. User accounts are provided with secure settings when the account is created.
[Top]

7. Temporary storage

Temporary (/tmp) storage is available, however, we do not encourage using it. We cannot guarantee the security of any data held within /tmp, nor can we guarantee the data won't be periodically cleared without warning. It is much better to get your scripts to write to a temporary directory within the security of your own home directory.
[Top]

8. Rewrite engine

The rewrite engine ensures that http headers don't get broken. It allows the header to contain both a port as well as an address.
[Top]

9.'C' and other compilers

The ability to compile scripts is available, although this activity is restricted to the shell platform only, which has your CGI space mounted and available. The shell platform is only available from within Plusnet IP ranges.
[Top]

Rate this page

Has this page helped you solve your problem? Your feedback helps us to improve the help we provide.

Please note: We cannot reply to individual feedback through Rate My Page. If you need more help with a problem please use the Help Assistant. Other customers will be happy to help you with most issues at the Community Site Forum.