How do I run CGI on SEAS web servers?
The Common Gateway Interface (CGI) is a protocol that allows web servers to execute programs, typically to output HTML for web pages. CGI programs can be written in different languages.
SEAS web servers currently support:
- PHP 7.0
- Perl 5.18
- Python 2.7 (via
- Python 3.4 (via
- Compiled executables
- Other languages available on the web servers (with some limitations)
If you would like CGI enabled on your account, please complete the CGI and MySQL Activation Request Form.
Note: If you are a student and need CGI enabled for a class, please check with your instructor or TA. CETS will often enable CGI on all student accounts in a class at the instructor's request.
CGI is restricted to the
alliance.seas.upenn.edu web servers. CGI scripts will not run in
personal websites on
www.seas.upenn.edu. Scripts on
alliance are protected by Apache suEXEC,
which executes them as the account that owns the scripts. This protects other
accounts in the event of a compromise.
Local logins on these servers have been disabled. Please
manage CGI scripts in the account's home directory on
eniac.seas.upenn.edu using SSH or SFTP. Any changes made there will be
immediately available on the web server.
alliance are identical machines with the same
configurations. Preference is given to production sites on
fling is used for student sites, experiments and development.
Note: All HTTP requests are redirected to
How do I check that CGI is enabled?
- Create a simple working HTML page in
- In a web browser, open
https://alliance.seas.upenn.edu/~username/where username is your account name.
- If you can view your
index.htmlpage, CGI is enabled on your account.
It is your reponsibility to keep your CGI applications secure. This includes applying updates and security patches to any third party applications you install. If a vulnerability is discovered in a security scan, you will be informed via email and expected to fix the problem immediately. If necessary, CETS may disable CGI for your account until the problem has been fixed.
How do I run CGI scripts?
You must first complete the CGI and MySQL Activation Request Form.
CGI is restricted to specific directories. The web server running on
alliancewill only execute programs installed in the following directories:
As with regular web pages, your home directory,
public_htmldirectory, and any directories down the tree to your script (including your
cgi-bindirectory) must be world-executable. Here is how to make a cgi-bin directory, starting from your home directory:
chmod a+x ~ ~/html ~/html/cgi-bin
Perl, Python and other interpreted scripts need an appropriate file extension. Perl scripts should have a
.plfile extension. Python scripts should have a
.cgiextension. PHP scripts should have a
Perl CGI scripts should start with the following shebang line:
Python scripts should start with the following shebang line:
PHP scripts do not need a shebang line.
Included files that are not directly executed do not need the shebang line and can use other extensions like
Permissions & groups need to be set correctly.
For PHP: Your PHP script executes as the owner of the file and only needs owner read permissions (400). It will not run if the file or directory it resides in are world writable.
For Perl/Python: The permissions on your Perl/Python script need to be owned and executable by the owner of the directory. Other group and world permissions will work, but in general it is safest to just use the minimum permissions unless you have specific reasons for doing otherwise. To do this,
cdto the directory where your script is stored and use the Unix
chmod 700 scriptname
The script only needs to be readable and executable by the owner (
chmod o+rx) to run, but adding the write permission for yourself will make it easier to update the program (
chmod u+rwx). Only add additional permissions if you intend to share the file with other people who have SEAS accounts.
The script, the script directory, and the subdirectory in which the script directory is located must all have the same userid and groupid, and must not be world or group writable. If the error log is complaining about incomplete headers, check the group IDs.
dos2unixfor files created in Windows. If you create your file in Windows before uploading them, you may need to run
dos2unixin a unix shell on a SEAS unix machine to convert the end of line characters. To do so, go to the directory that holds your script and run the following command:
Test for syntax errors by running at the command line. By running your script at the command line, you will see the errors generated by Python, Perl, or PHP. To run your script at the command line, go to the directory that contains the script you want to run and type (replace "scriptname" with the name of your script).
For Perl and Python:
After installing your CGI scripts, you will be able to access them through a URL of the following form, depending on the web server:
where username would be replaced by your SEAS username and scriptname would be replaced with the path of the script you wish to access.
- Symbolic links to CGI scripts are ignored.
CGI programs run as the account user. By default, Perl and Python scripts execute with the same privileges as the user account they are being run from. Therefore, CGI scripts can write to directories or files if the user account has write permissions for the directory or file. PHP scripts execute as the user who owns the file.
Troubleshooting CGI issues
First, run the Manage Web Page tool on your accounts page to check your permissions:
- Login to the Configure your SEAS Account page.
- On the left navigation bar, click the "Manage Web Page" tool.
- On the next page, click the first bullet item entitled "Configure my SEAS account for web pages".
- Click the "Continue" button to start the check. It may take a few minutes for the script to run.
- The results page will tell you have any permission problems.
Problem: You don't have a cgi-bin directory.
dynamic directories are not created automatically. You must create
Problem: CGI is enabled on your account, but scripts aren't running correctly.
Solution: This could be caused by a number of different issues:
- Follow the directions above to check whether CGI is enabled for your account.
- Check the permissions on your directories are correct by using the Manage Web Page tool on your accounts page.
- Verify that your script has the correct permissions.
- Make sure you are running your script on the web server where CGI has been
enabled for your account, either
- Verify you have the correct shebang line in your script, if it requires one.
- If your script was created in Windows, run dos2unix on the script.
Problem: Your browser doesn't display error messages when
you try to troubleshoot your script.
Solution: Try running the script at the command line to see the full output, including any errors.