This problem is really simple, I guess. But I’ve searched documentation and forums without success …
I want to be able to run Perl scripts under Apache. I.e.: the user goes for the page http://myserver.com/info, a Perl script is run, and the script output returned to the user. Very much similar to awstats.pl .
This should happen also for external visitors to the web site. The web site in question (myserver.com) is run as a Virtual Server under Virtualmin.
I would like to place my scripts in another folder than cgi-bin .
Thanks, it works for me. I’m migrating a planner program from another installation to Virtualmin. There I had one folder with both Perl scripts and various support files, e.g. configuration files. As I understand it, with your suggestion, I need to have the Perl files to be run as cgi-scripts in the cgi-bin folder, and place the other files in another folder. Is this true?
Isn’t it possible to place Perl files, meant to be run as cgi-scripts, in a custom folder?
Thanks for your recommendation. I fully understand the advantages of having executable scripts in one location - and configuration and data files somewhere else.
But the planner program I have running on my older platform have all relevant files in one folder: executable perl files, picture files meant to be shown in the web page, data, and configurations files. And it’s quite a challenge to change this.
So for just this program, I would much prefer to change the configuration, as you suggest. I’ve tried making a custom folder “/home/myvirtualserver/public_html/planner” and allowing ExecCGI for this. But suexec fails with messages like: [2024-11-21 22:35:05]: uid: (1005/myvirtualserver) gid: (1005/myvirtualserver) cmd: test.pl [2024-11-21 22:35:05]: target uid/gid (1005/1005) mismatch with directory (1005/1005) or program (0/0)
File ownership is wrong. SuExec protects you from dangerous mistakes like that. Files must be owned by the domain user:group.
SuExec won’t protect you from accidentally putting sensitive non-executable files in that location, though, so be careful. An attacker may be able to read files that aren’t handled via some exec mechanism.
Thanks - again! - for a quick reply. And yes, from a security perspective this is not the best way to go.
As far as I can see the file ownerships are correct: $ ls -n /home/myvirtualserver/public_html/planner/* total 8 -rwxr-xr-x 1 1005 1005 281 Nov 21 20:23 test.pl -rw-r--r-- 1 1005 1005 11 Nov 21 20:16 test.txt $ ls -nd /home/myvirtualserver/public_html/planner drwxr-xr-x 2 1005 1005 4096 Nov 21 20:23 /home/myvirtualserver/public_html/planner $ grep 1005 /etc/passwd myvirtualserver:x:1005:1005:My Virtual Server:/home/myvirtualserver:/bin/bash $ grep 1005 /etc/group myvirtualserver:x:1005:www-data $ head /etc/apache2/sites-available/myvirtualserver.dk.conf <VirtualHost 192.168.1.136:80 [fde5:50d6:4f63:0:be24:11ff:fe76:a985]:80> SuexecUserGroup myvirtualserver myvirtualserver ServerName myvirtualserver.dk ...