{"id":8406,"date":"2014-12-04T18:42:54","date_gmt":"2014-12-04T18:42:54","guid":{"rendered":"https:\/\/wp.okra.host\/article\/cgi-and-fastcgi-permissions\/"},"modified":"2021-03-07T14:09:35","modified_gmt":"2021-03-07T13:09:35","slug":"cgi-and-fastcgi-permissions","status":"publish","type":"ht_kb","link":"https:\/\/kb.okra.host\/de\/article\/cgi-and-fastcgi-permissions\/","title":{"rendered":"CGI and FastCGI permissions"},"content":{"rendered":"<h2 id=\"overview\" >Overview<\/h2>\n<p>All CGI and FastCGI requests operate as the owner of the file and\u00a0require heightened security to limit\u00a0malicious behavior. There are a few guidelines that must be adhered to when a CGI or FastCGI script, ending in <em>.cgi<\/em>, is accessed on your hosting account:<\/p>\n<ol>\n<li>File permissions <span style=\"text-decoration: underline\">must be<\/span> 755 (u=rwx,g=rx,o=rx)\n<ul>\n<li><em>Group<\/em> and <em>Other<\/em> must not have write permission, which would allow them to inject unsafe code into your CGI script<\/li>\n<li><em>Other<\/em> (web server) must be able to access the file before<\/li>\n<\/ul>\n<\/li>\n<li>Permissions of the directory in which the CGI script resides\u00a0<span style=\"text-decoration: underline\">must be<\/span> 755 (u=rwx,g=rx,o=rx)\n<ul>\n<li><em>Group<\/em> and\u00a0<em>Other<\/em> cannot create other files in the directory that may be sourced as CGI scripts<\/li>\n<li><em>Other<\/em> (web server) must be able to\u00a0open the directory to satisfy the request before wrapping with suEXEC<\/li>\n<\/ul>\n<\/li>\n<li>File owner <span style=\"text-decoration: underline\">must match<\/span> directory owner\n<ul>\n<li>Prevents injection of arbitrary CGI scripts by other users into the same directory (<em>see #2 above<\/em>)<\/li>\n<\/ul>\n<\/li>\n<li>File <span style=\"text-decoration: underline\">must be<\/span> executable from the shell\n<ul>\n<li>suEXEC runs the script in its process space via an <a href=\"http:\/\/linux.die.net\/man\/2\/execve\">execve<\/a> system 
call<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><a title=\"Eine \u00dcbersicht \u00fcber Berechtigungen\" href=\"https:\/\/kb.okra.host\/de\/guides\/permissions-overview\/#changing\">Permission changes<\/a> may be made either via FTP or\u00a0<strong>Files<\/strong> &gt;\u00a0<strong>File Manager<\/strong> within the <a title=\"Anmeldung am Bedienfeld\" href=\"https:\/\/kb.okra.host\/de\/control-panel\/logging-into-the-control-panel\/\">control panel<\/a>. For a script to work from the shell, it should start with a shebang on the first line of the file, generally in the form\u00a0<code>#!\/usr\/bin\/exec args<\/code>. Examples of common shebangs include:<\/p>\n<ul>\n<li>Python:\u00a0<code>#!\/usr\/bin\/env python<\/code><\/li>\n<li>PHP:\u00a0<code>#!\/usr\/bin\/php -q<\/code><\/li>\n<li>Perl: <code>#!\/usr\/bin\/perl<\/code><\/li>\n<li>Bash (shell script):\u00a0<code>#!\/bin\/sh<\/code><\/li>\n<\/ul>\n<p><span style=\"color: #0000ff\">Note:\u00a0these all have #! in common on the first line. This notation is called the &#8220;shebang&#8221; and follows the pattern: &lt;shebang&gt;&lt;path to executable&gt; followed by a Unix-style newline (\\n). If a shebang\u00a0is followed by a Mac or Windows-style EOL marker (\\r and \\r\\n respectively), the script will fail. EOL markers may be <a href=\"https:\/\/kb.okra.host\/de\/control-panel\/changing-eol-markers\/\">changed<\/a> within the control panel.<\/span><\/p>\n<h2 id=\"see-also\" >See also<\/h2>\n<p><a title=\"Eine \u00dcbersicht \u00fcber Berechtigungen\" href=\"https:\/\/kb.okra.host\/de\/guides\/permissions-overview\/\">Permissions overview<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Overview All CGI and FastCGI requests operate as the owner of the file and\u00a0require heightened security to limit\u00a0malicious behavior. 
There are a few guidelines that must be adhered to when a CGI or FastCGI script, ending in .cgi, is accessed on your hosting account: File permissions must be 755 (u=rwx,g=rx,o=rx)&#8230;<\/p>","protected":false},"author":1,"comment_status":"close","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"ht-kb-category":[55],"ht-kb-tag":[],"class_list":["post-8406","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-cgi-passenger"],"_links":{"self":[{"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/ht-kb\/8406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/comments?post=8406"}],"version-history":[{"count":1,"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/ht-kb\/8406\/revisions"}],"predecessor-version":[{"id":8407,"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/ht-kb\/8406\/revisions\/8407"}],"wp:attachment":[{"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/media?parent=8406"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/ht-kb-category?post=8406"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/kb.okra.host\/de\/wp-json\/wp\/v2\/ht-kb-tag?post=8406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}