How to change alias in virtualmin of cgi-bin when setting up new doman

I want the people to be able to run it out of a directory named cgi-bin in the public_html direcotry. I can create a cgi-bin in /etc/skel so that the directory gets made, but what do I have to do in virtualmin so that on default it allows cgi-scripts to run under [[b]]public_html or public_html/cgi-bin ?

Hello, anyone have an answer for this? is it as simple as removing the scriptalias out of the server directives and adding a directory for the cgi-bin to the public_html and adding a cgi-script handler with the extension of cgi then chmod public_html/cgi-bin to 755 as well as the files in it, or is it more difficult then that?

It just seem rather confusing to new users, especially with complicated scripts that intermingle pm files and image files in the same directories. I would assume that if a script said to put your admin folder in your cgi-bin directory you would put the whole admin folder in there, even though there are images, and pm files and an assortment of other files.
Is this correct?

On the last server I leased, there was a physical cgi-bin directory in the root directory where your cgi and pl files went, it was easy for people to understand that was where they put those files.

Whats the point of having the cgi-bin below the root directory by the way? Does it protect them somhow or is it to do with susexec and permissions?

How do I change it in suse 10.0 running virtualmin pro?

Hi Adam,

I’m not an expert on these issues, but i believe that the cgi-bin is setup like that by Virtualmin because it is the most secure way to operate.

You could move the cgi-bin to /public_html/cgi-bin but i think this opens up security issues (maybe somebody can explain what). Certainly allowing cgi’s to be exec’d directly in /public_html is a very bad idea.

However if you do want to change it, you first create the dir in /etc/skel where you want it to be. Then comment out ScriptAlias apache directive in the server template you’re changing (or the default template).

ScriptAlias /cgi-bin/ ${HOME}/cgi-bin/

Make sure the permissions on the cgi-bin are correct, normally 755

I think that should be all you need, but i’m not sure whether its a good idea…

Chris

These two pages shed some light on the issue:

http://httpd.apache.org/docs/2.2/howto/cgi.html

http://www.w3.org/Security/Faq/wwwsf4.html

The main reason to separate out CGI scripts into their own directory is so they can be designated as executable instead of files to download and/or display (i.e. as text or HTML). And traditionally, the reason to keep them out of public_html is simply to provide tighter control on who can upload them to your web site. From the FAQ I posted above:

<BlockQuote>
<B>Q2: Is it better to store scripts in the cgi-bin directory, or to store them anywhere in the document tree and identify them to the server using the .cgi extension?</B>

Although there’s nothing intrinsically dangerous about scattering CGI scripts around the document tree, it’s better to store them in the cgi-bin directory. Because CGI scripts are such potentially large security holes, it’s much easier to keep track of what scripts are installed on your system if they’re kept in a central location rather than being scattered around among multiple directories. This is particularly true in an environment with multiple Web authors. It’s just too easy for an author to inadverently create a buggy CGI script and install it somewhere in the document tree. By restricting CGI scripts to the cgi-bin directory and by setting up permissions so that only the Web administrator can install these scripts, you avoid this chaotic situation.

There’s also a risk of a hacker managing to create a .cgi file somewhere in your document tree and then executing it remotely by requesting its URL. A cgi-bin directory with tightly-controlled access lessens the possibility of this happening.
</BlockQuote>