Applied Systems Programming
Return to Dr. Margush's page
Applied Systems Programming |
|
Course
Index Return to Dr. Margush's page |
-
Helpful info about debugging and VPN requirements for
off-campus access
We are using cgiwrap, a program that adds some level of security to running scripts behind our web servers. However, due to the number of servers that are accessing our filesystem, you must take steps to keep your script sources private. The main point is that when you install a script, you need to disallow all privileges (r, w, and x) to group and other level users.
To allow scripting in your unix account, you must create a directory named cgi-bin inside your public_html directory. The permissions on the cgi-bin directory should be drwx--x--x (i.e. 711). This is necessary to allow cgiwrap to find the script files.
Scripts, PERL files for now, should be placed in your cgi-bin directory. Script permissions should be -rwx------ (i.e. 700). Remember that the scripts are run (through cgiwrap) from your user account, so only the user needs read, write, and execute privileges. If you allow the world read-access, then other students will be able to view the source of your scripts. You will need to be very careful about this setting as it is NOT automatic! You may want to use an ftp client to upload your scripts, or you may create them directly while logged into your unix account.
Once a script is installed, you tell the web server you want to execute it using the following URL:
http://kemeny.cs.uakron.edu/cgi-bin/cgiwrap/unix000/scriptname.pl
In this URL, kemeny is but one of the possible servers running on our network, unix000 is your own unix ID, and scriptname.pl is an actual script in your cgi-bin directory.
Note: If you are trying to do this off campus, our servers are behind a firewall that accepts connections only from machines with an ip address starting with 130.101 (University of Akron). If you use a different ISP, you need to install and start VPN (virtual private networking) to access the servers.
After copying a script to your cgi-bin directory, CHECK the permissions and if you have allowed read access to the world, CHANGE it to -rwx------ ( chmod og-rwx u+x thescript.pl OR chmod 700 thescript.pl ).
The error log for the Apache server is accessible - You may find it helpful to determine the cause of the error when you try to run a script. The location is /usr/local/apache/error_log. This file is often quite large and as other students may be working on scripts at the same time, you may see their error messages as well as yours. The simplest way to examine errors is to open a fresh command shell in a separate window and use the tail command. This will allow you to see the information added to the end of the file as it is added. The proper syntax is
tail -f /usr/local/apache/logs/error_log
The -f option means follow changes (otherwise you just get the last 10 lines). Be sure you are logged into the same machine you use to test the script (errors reported by kay are in a different file from errors reported by knuth).
You can terminate the tail command by entering ^c in the shell where it is running.
Another helpful method is the use of a feature in the Carp.pm module (part of the CGI.pm installation). Carp is a module that contains utility routines for formatting error messages. By adding a single line to your Perl script, fatal errors in the script can automatically cause a valid HTML page to be generated - and often with a really helpful error message! Just add this line to the beginning of your script:
use CGI::Carp qw/fatalsToBrowser/;
In addition, non-fatal warnings can be added to the generated HTML source file in the form of a comment (you will not see them on the page, but if you view the source, you can see the warnings). To make this happen, add the following function call to your script AFTER the body tag has been printed (usually after the CGI.pm method header() is called)
#Note - this feature is relatively new and may not be available in # all Perl installations use CGI::Carp qw(fatalsToBrowser warningsToBrowser); ... warningsToBrowser(1); #a true argument enables this feature
That's all there is to it!