File Access and Permissions

Note

The information in this section assumes that the CGI program is running in a multiuser environment with strict permission-based access privileges between users; specifically, this section assumes knowledge of Unix and Unix file permissions. This information probably will not pertain to single-user web servers such as Windows 95 or Windows NT.

The web server runs under a specific identity, which limits and controls which files the web server has access to. This is a good thing for many security reasons, but it can also be a nuisance at times. Many users are accustomed to making their HTML files world-readable, which allows the web server process [which runs under a different user-id from the user who created the HTML files] to access the files and serve them up to the user accessing their page. The same must be done for CGI scripts. Since the scripts must be executed by the web server, they must analogously be world-executable. There may be other restrictions on CGI programs [for example: that they must end with ".cgi"]; see your web server's documentation for details.

Another important point about user identities and CGI programs is that a program runs as the user who started the process. So, a CGI program which is started by the web server will run with the identity of the web server, not with the identity of the user who created it. This is especially important for write-access to files. If a CGI program, written by the user "luser", relies on a file "cgidata" which luser has in her HTML-file directory, when it is run by the web server [with user-identity "www"], it will not have access to the "cgidata" file, unless luser made the file world-readable. If the CGI program is to write to the file, things get even worse. luser would not want to make the file world-writable, since any other user on the machine could write to the file, which is a Bad Thing. But since the CGI program runs as www and not as luser, that is the only way to write to the file. Since most CGI applications will want to write to files, there is a problem.

Fortunately, there exists a better solution. Unix has a special permission for programs called "setuid". When this permission is set on a program, the program runs with the identity of the user who owns the file, not the identity of the user executing the program. Thus, when the web server [user "www"] executes luser's program, it runs with luser's permissions. luser can then make the file user-writable, and the program would have the ability to write to it, but other users would not. Use of the setuid bit is somewhat dangerous since it allows access to otherwise private files, but with care can be used to great advantage.
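
The following is an added example, not code from the original page: a small setuid CGI program in C that writes to luser's "cgidata" file with the kind of care the paragraph above calls for. The path in DATA_FILE and the function name append_record are assumptions made for illustration.

```c
/* Added example: setuid CGI helper that appends to an owner-only data file. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical fixed path; the file name never comes from the request. */
#define DATA_FILE "/home/luser/public_html/cgidata"

/* Append one record. Returns 0 on success, -1 if the file fails the checks. */
int append_record(const char *path, const char *record)
{
    struct stat st;
    size_t len = strcspn(record, "\r\n");   /* keep only the first line */
    /* O_NOFOLLOW refuses a symlink at the path; 0600 means owner only. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Check the opened descriptor, not the name, so the answer cannot change. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||              /* owned by the setuid identity */
        (st.st_mode & (S_IWGRP | S_IWOTH))) {  /* not group- or world-writable */
        close(fd);
        return -1;
    }
    if (write(fd, record, len) != (ssize_t)len || write(fd, "\n", 1) != 1) {
        close(fd);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    /* Under setuid: real uid is the web server (www), effective uid is luser. */
    printf("Content-Type: text/plain\r\n\r\n");
    printf("real uid=%ld effective uid=%ld\n", (long)getuid(), (long)geteuid());
    if (append_record(DATA_FILE, "constructed sample record") != 0) {
        printf("write refused\n");
        return 1;
    }
    printf("record saved\n");
    return 0;
}
```

To match the setup described above, the compiled binary is owned by luser with the setuid bit set (for example, chmod 4755) and cgidata is kept at mode 600. A compiled program is used because Linux ignores the setuid bit on interpreted scripts.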

Platform-Specific Issues

As noted, this information is Unix-specific. However, the concept applies to any multiuser operating system with user-based file permissions. In a single-user operating environment, the web server and the user who created the CGI script are equivalent, and thus the above discussion is irrelevant.