CGIwrap (http://wwwcgi.umr.edu/cgiwrap/) is a UNIX-based utility written by Nathan Neulinger that lets general users run CGI scripts without needing access to the server's cgi-bin directory. Normally, all scripts must be located in the server's main cgi-bin directory and all run with the same UID (user ID) as the Web server. CGIwrap performs various security checks on the scripts before changing ID to match the owner of the script. All scripts are executed with same the user ID as the user who owns them. CGIwrap works with ncSA, Apache, CERN, Netsite, and probably any other UNIX Web server.
Any files created by a CGI program are normally owned by the Web server. This can cause a problem if you need to edit or remove files created by CGI programs. You might have to ask the system administrator for help because you lack the proper auhorization. All CGI programs have the same system permissions as the Web server. If you run your Web server under the root user ID-being either very brave or very foolish-a CGI program could be tricked into erasing the entire hard drive. CGIwrap provides a way around these problems.
With CGIwrap, scripts are located in users' public_html/cgi-bin directory and run under their user ID. This means that any files the CGI program creates are owned by the same user. Damage caused by any security bugs you may have introduced-via the CGI program-will be limited to your own set of directories.
In addition to this security advantage, CGIwrap is also an excellent debugging tool. When CGIwrap is installed, it is copied to cgiwrapd, which can be used to view output of failing CGIs.
You can install CGIwrap by following these steps:
Tip You can find additional information at the http://www.umr.edu/cgiwrap/install.html web site.