How do I run CGI on SEAS web servers?

The Common Gateway Interface (CGI) is a protocol that allows web servers to execute programs, typically to output HTML for web pages. CGI programs can be written in different languages.

SEAS web servers currently support:

If you would like CGI enabled on your account, please complete the CGI and MySQL Activation Request Form.

Note: If you are a student and need CGI enabled for a class, please check with your instructor or TA. CETS will often enable CGI on all student accounts in a class at the instructor's request.

CGI is restricted to the fling.seas.upenn.edu and alliance.seas.upenn.edu web servers. CGI scripts will not run in personal websites on www.seas.upenn.edu. Scripts on fling and alliance are executed as the account that owns the files. This protects other accounts in the event of a compromise.

Local logins on these servers have been disabled. Please manage CGI scripts in the account's home directory on eniac.seas.upenn.edu using SSH or SFTP. Any changes made there will be immediately available on the web server.

fling and alliance are identical machines with the same configurations. Preference is given to production sites on alliance, while fling is used for student sites, experiments and development.

Note: All HTTP requests are redirected to HTTPS on fling.seas.upenn.edu and alliance.seas.upenn.edu.

How do I check that CGI is enabled?

  1. Create a simple working HTML page in your html directory (~username/html/index.html).
  2. In a web browser, open https://fling.seas.upenn.edu/~username/ or https://alliance.seas.upenn.edu/~username/ where username is your account name.
  3. If you can view your index.html page, CGI is enabled on your account.

CGI Security

It is your reponsibility to keep your CGI applications secure. This includes applying updates and security patches to any third party applications you install. If a vulnerability is discovered in a security scan, you will be informed via email and expected to fix the problem immediately. If necessary, CETS may disable CGI for your account until the problem has been fixed.

How do I run CGI scripts?

  1. You must first complete the CGI and MySQL Activation Request Form.

  2. CGI is restricted to specific directories. The web server running on fling or alliance will only execute programs installed in the following directories:

    • $HOME/public_html/cgi-bin
    • $HOME/public_html/dynamic
    • $HOME/public_html/wiki
  3. As with regular web pages, your home directory, public_html directory, and any directories down the tree to your script (including your cgi-bin directory) must be world-executable. Here is how to make a cgi-bin directory, starting from your home directory:

    cd html
    mkdir cgi-bin
    chmod a+x ~ ~/html ~/html/cgi-bin
  4. Perl, Python and other interpreted scripts need an appropriate file extension. Perl scripts should have a .cgi or .pl file extension. Python scripts should have a .cgi extension. PHP scripts should have a .php file extension.

    Perl CGI scripts should start with the following shebang line:

    #!/usr/bin/perl

    Python scripts should start with the following shebang line:

    #!/usr/bin/python

    PHP scripts do not need a shebang line.

    Included files that are not directly executed do not need the shebang line and can use other extensions like inc.

  5. Permissions & groups need to be set correctly.

    For PHP: Your PHP script executes as the owner of the file and only needs owner read permissions (400). It will not run if the file or directory it resides in are world writable.

    For Perl/Python: The permissions on your Perl/Python script need to be owned and executable by the owner of the directory. Other group and world permissions will work, but in general it is safest to just use the minimum permissions unless you have specific reasons for doing otherwise. To do this, cd to the directory where your script is stored and use the Unix chmod command:

    chmod 700 scriptname

    The script only needs to be readable and executable by the owner (chmod 500 or chmod o+rx) to run, but adding the write permission for yourself will make it easier to update the program (chmod 700 or chmod u+rwx). Only add additional permissions if you intend to share the file with other people who have SEAS accounts.

    The script, the script directory, and the subdirectory in which the script directory is located must all have the same userid and groupid, and must not be world or group writable. If the error log is complaining about incomplete headers, check the group IDs.

  6. Run dos2unix for files created in Windows. If you create your file in Windows before uploading them, you may need to run dos2unix in a unix shell on a SEAS unix machine to convert the end of line characters. To do so, go to the directory that holds your script and run the following command:

    dos2unix scriptname
  7. Test for syntax errors by running at the command line. By running your script at the command line, you will see the errors generated by Python, Perl, or PHP. To run your script at the command line, go to the directory that contains the script you want to run and type (replace "scriptname" with the name of your script).

    For Perl and Python:

    ./scriptname

    For PHP:

    php scriptname
  8. After installing your CGI scripts, you will be able to access them through a URL of the following form, depending on the web server:

    https://fling.seas.upenn.edu/~username/cgi-bin/scriptname

    https://alliance.seas.upenn.edu/~username/cgi-bin/scriptname

    where username would be replaced by your SEAS username and scriptname would be replaced with the path of the script you wish to access.

Other Restrictions

  1. Symbolic links to CGI scripts are ignored.
  2. CGI programs run as the account user. By default, Perl and Python scripts execute with the same privileges as the user account they are being run from. Therefore, CGI scripts can write to directories or files if the user account has write permissions for the directory or file. PHP scripts execute as the user who owns the file.

Troubleshooting CGI issues

First, run the Manage Web Page tool on your accounts page to check your permissions:

  1. Login to the Configure your SEAS Account page.
  2. On the left navigation bar, click the "Manage Web Page" tool.
  3. On the next page, click the first bullet item entitled "Configure my SEAS account for web pages".
  4. Click the "Continue" button to start the check. It may take a few minutes for the script to run.
  5. The results page will tell you have any permission problems.

Problem: You don't have a cgi-bin directory.
Solution: The cgi-bin, wiki or dynamic directories are not created automatically. You must create them manually.

Problem: CGI is enabled on your account, but scripts aren't running correctly.
Solution: This could be caused by a number of different issues:

  1. Follow the directions above to check whether CGI is enabled for your account.
  2. Check the permissions on your directories are correct by using the Manage Web Page tool on your accounts page.
  3. Verify that your script has the correct permissions.
  4. Make sure you are running your script on the web server where CGI has been enabled for your account, either fling.seas.upenn.edu or alliance.seas.upenn.edu.
  5. Verify you have the correct shebang line in your script, if it requires one.
  6. If your script was created in Windows, run dos2unix on the script.

Problem: Your browser doesn't display error messages when you try to troubleshoot your script.
Solution: Try running the script at the command line to see the full output, including any errors.

© Computing and Educational Technology Services