There are a number of things that can go wrong when setting up your cgi scripts. Here are some common pitfalls you are likely to run into:
- Use the CGI/PHP Verification Tool - We have an On-Line Verification Tool that you can use to check your URL. It will report many common errors and give you tips on how to fix them. It is not capable of detecting all possible problems, but is definitely the first place to start.
- Program Coding Errors - You must make sure that your program doesn't contain errors. You should at least verify that the program runs without obvious errors when run from the command prompt. In order to test your script in the same environment as it is run via the web, you will need to ssh into the cgi server, cgi.luddy.indiana.edu and run it there. If you run it on some other system (like silo or tank) you may get different versions of things like python and perl.
- Improper Headers- Your cgi program must output the proper headers for the content you are generating and these headers must be the first thing your program prints. For example, if you are generating simple HTML content, the first thing your program outputs may look like the following:
Note that the Content-type: line must be followed by a blank line.
- Script Not Executable - Your cgi programs must be executables (ie. have the xpermission bit set). You can make sure this is set with something like:
- Script Writeable by Others- Your cgi programs must not be writeable by anyone else. Allowing group or world write permissions would meant that other people could edit your scripts and run anything they was as you which would open up all kinds of security issues. You can assume that your script is not writeable by other with:
$ chmod go-w somefile.cgi |
Permissions Problems - The permissions on your cgi scripts only need to be set so they are executable by you since they will be run as your username. However, the full path leading up to the script must be searchable by the apache server. The easiest way to do this is to make sure the /u/username/cgi-pub directory (and any sub-directories you create there) are world searchable. This can be done in a number of different ways but one simple way is as follows:
$ chmod go+x /u/username/cgi-pub $ chmod go+x /u/username/cgi-pub/somedirectory |
Owner/Group Problems - Your cgi scripts must be owned by you and the group must be your default group.
suEXEC Violations - The apache suEXEC Security Modelplaces constraints on your programs so you should confirm that you are meeting all the specified constraints. You can look for suEXEC errors in the suexec.log file on the cgi server as follows:
$ ssh cgi.luddy.indiana.edu <... then, once logged into the cgi server...> $ tail -f /var/log/apache2/suexec.log | grep username |
In this example, the grep for your username (and you need to replace username with your actual username) is done so you only see your errors and not the errors from every user of the system.
Incorrect Script Naming- By default, scripts must end with .cgi filename extension. If you want to have a cgi file without the .cgi extension, you can do this by creating a .htaccess file in the directory containing the script that contains something like this:
<Files somefile> SetHandler application/x-httpd-cgi </Files> |
In this example, you would replace somefile with the name of your cgi script.
Missing #! Script Header- If you are writing scripts (such as perl, python, bash, etc) you have to use the #! line to specify the program used to run the script. This must be the very first line of the script and you must make sure that there are no spaces before the line. For example, if you are writing a bash script, this line would be:
DOS format #! line - Unfortunately, there are text file differences between Windows and Linux that can cause problems if you are creating your scripts in Windows (eg. using Notepad) and copying them to the CGI server. If your script is failing, try to just run it from the command line and see if you get an error like this:
$ ./test.cgi : No such file or directory $ |
If you see that error (with nothing before the colon), then that almost always means that the .cgi file is a DOS mode text file. You can easily fix the problem using the dos2unix utility like this:
$ dos2unix test.cgi dos2unix: converting file test.cgi to UNIX format ... $ |
If All Else Fails - In many cases, if you are getting server errors you can determine the cause of the problem by looking at the apache error logs. In order to view the error log output you will first need to ssh to the cgi server, cgi.luddy.indiana.edu. Once you are logged in there you may find it helpful to tail the error log while you access your page looking for errors. For example:
$ ssh cgi.luddy.indiana.edu <... then, once logged into the cgi server...> $ tail -f /var/log/apache2/error.log | grep username |
In this example, the grep for your username (and you need to replace usernamewith your actual username) is done so you only see your errors and not the errors from every user of the system.
Please note that not all errors you may want to see will have your username in them. In order to see all possible errors, you can remove the grep of your username. Just keep in mind that this then means you will see all the errors from all users so it may be verbose.
Not all possible errors will show up in this log file but you should see errors related to a majority of the mistakes you are likely to make. Also see the section above about suEXEC errors and the associated suexec.log file where suEXEC errors will appear.