
Users can develop Common Gateway Interface (CGI) scripts that are executed on demand through the Cal Poly Pomona Web. CGI scripts can be executable binaries produced from a compiled language (e.g., C or C++) or scripts written in an interpreted language (e.g., Perl or sh). User CGI and group CGI scripts operate under the following conditions:
A user CGI can be executed through the Cal Poly Pomona Web using a URL of the form http://www.csupomona.edu/cgi-user/username/path/script, where username is the username of the CGI file owner, /dfs/user/username/path is the directory containing the CGI file and script is the name of the CGI file.
For debugging purposes, a user CGI can be executed through the Cal Poly Pomona Web using a URL of the form http://www.csupomona.edu/cgi-userd/username/path/script. In addition to the intended standard output, debugging output and standard error output are directed back to the browser rather than the Web server error logs.
The CGI file must be owned by the user username that appears in the URL.
The CGI file must reside within the user directory /dfs/user/username.
path must include a subdirectory named cgi-bin. This allows CGI authors to segregate scripts that can be executed as CGIs from those that cannot. For example, a user CGI file might reside in a directory named /dfs/user/username/cgi-bin or /dfs/user/username/project/cgi-bin.
The ACLs on all directories enclosing the CGI file must allow search access by anyone on the Internet.
If the ACL on the CGI file allows execute access by anyone on the Internet, then the CGI is executed as an unauthenticated user CGI with the (relatively weak) access privileges of anyone on the Internet. Any files or directories that the CGI seeks to read and/or write must have ACLs that allow read and/or write access by anyone on the Internet. If the CGI is written in an interpreted language, then the ACL on the CGI file must also allow read access by anyone on the Internet.
If the ACL on the CGI file doesn't allow execute access by anyone on the Internet, then the CGI is executed as an authenticated user CGI with the access privileges of the owner, if possible. The owner of an authenticated user CGI must have previously escrowed their password for CGI authentication, so that their access privileges can be obtained by the Web server on demand. Any files or directories that the CGI seeks to read and/or write must have ACLs that allow read and/or write access by the owner. The ACL on the CGI file must allow execute access by the owner. If the CGI is written in an interpreted language, then the ACL on the CGI file must also allow read access by the owner.
A group CGI can be executed through the Cal Poly Pomona Web using a URL of the form http://www.csupomona.edu/cgi-group/groupname/path/script, where groupname is the name of a group containing the CGI file owner, /dfs/group/groupname/path is the directory containing the CGI file and script is the name of the CGI file.
For debugging purposes, a group CGI can be executed through the Cal Poly Pomona Web using a URL of the form http://www.csupomona.edu/cgi-groupd/groupname/path/script. In addition to the intended standard output, debugging output and standard error output are directed back to the browser rather than the Web server error logs.
The CGI file must be owned by a user who is a member of the group groupname that appears in the URL.
The CGI file must reside within the group directory /dfs/group/groupname.
path must include a subdirectory named cgi-bin. This allows CGI authors to segregate scripts that can be executed as CGIs from those that cannot. For example, a group CGI might reside in a directory named /dfs/group/groupname/cgi-bin or /dfs/group/groupname/project/cgi-bin.
The ACLs on all directories enclosing the CGI file must allow search access by anyone on the Internet.
If the ACL on the CGI file allows execute access by anyone on the Internet, then the CGI is executed as an unauthenticated group CGI with the (relatively weak) access privileges of anyone on the Internet. Any files or directories that the CGI seeks to read and/or write must have ACLs that allow read and/or write access by anyone on the Internet. If the CGI is written in an interpreted language, then the ACL on the CGI file must also allow read access by anyone on the Internet.
If the ACL on the CGI file doesn't allow execute access by anyone on the Internet, then the CGI is executed as an authenticated group CGI with the access privileges of the owner, if possible. The owner of an authenticated group CGI must have previously escrowed their password for CGI authentication, so that their access privileges can be obtained by the Web server on demand. Any files or directories that the CGI seeks to read and/or write must have ACLs that allow read and/or write access by the owner. The ACL on the CGI file must allow execute access by the owner. If the CGI is written in an interpreted language, then the ACL on the CGI file must also allow read access by the owner.
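The rules above can be checked as one decision procedure. The following Python sketch is an added example, not the Web server's own code: CgiFile, resolve and the permission sets ("r", "x") are hypothetical names that model the ACL facts described on this page, and rejecting "." and ".." path segments is an assumed way of enforcing that the file resides within the user or group directory.

```python
import re
from dataclasses import dataclass, field

# URL prefix -> (kind, debug output sent to the browser?), as listed above.
PREFIXES = {"cgi-user": ("user", False), "cgi-userd": ("user", True),
            "cgi-group": ("group", False), "cgi-groupd": ("group", True)}

@dataclass
class CgiFile:               # constructed model of a file's metadata, not a DFS API
    owner: str
    interpreted: bool        # Perl/sh script rather than a compiled binary
    anyone: set              # permissions the file ACL grants to anyone on the Internet
    owner_perms: set         # permissions the file ACL grants to the owner
    dirs_searchable: bool    # every enclosing directory grants search to anyone
    owner_groups: set = field(default_factory=set)
    escrowed: bool = False   # owner has escrowed a password for CGI authentication

def resolve(url_path, f):
    """Return (file path, execution mode, debug) or raise ValueError naming the failed rule."""
    m = re.fullmatch(r"/(cgi-(?:user|group)d?)/([^/]+)/(.+)/([^/]+)", url_path)
    if not m:
        raise ValueError("not a user or group CGI URL")
    prefix, name, path, script = m.groups()
    kind, debug = PREFIXES[prefix]
    parts = path.split("/") + [script]
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("path may leave the user/group directory")
    if "cgi-bin" not in parts[:-1]:
        raise ValueError("path has no cgi-bin subdirectory")
    if kind == "user" and f.owner != name:
        raise ValueError("file is not owned by the user in the URL")
    if kind == "group" and name not in f.owner_groups:
        raise ValueError("owner is not a member of the group in the URL")
    if not f.dirs_searchable:
        raise ValueError("an enclosing directory denies search to anyone")
    need = {"x", "r"} if f.interpreted else {"x"}   # interpreters must read the script
    fs_path = f"/dfs/{kind}/{name}/{path}/{script}"
    if "x" in f.anyone:                              # unauthenticated branch
        if not need <= f.anyone:
            raise ValueError("interpreted CGI is not readable by anyone")
        return fs_path, "unauthenticated", debug
    if not f.escrowed:                               # authenticated branch
        raise ValueError("owner has not escrowed a password")
    if not need <= f.owner_perms:
        raise ValueError("owner lacks execute/read access to the CGI file")
    return fs_path, "authenticated", debug
```

The execute bit for anyone on the Internet is the single switch between the two modes, so auditing which files under cgi-bin grant it shows which scripts run with the owner's privileges.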