Can any Linux guru out there confirm if the default setup for cgi-bin directories on a Linux web hosting system is to allow only execution of scripts in a cgi-bin diry?

In other words, that html files, gif, jpg etc placed into a cgi-bin diry will simply return error 403 forbidden?

And that if a script needs to access html, images etc then these files should be outside cgi-bin (or its subdirectories)?

That is what is currently happening on a system we use, but it definitely was _not_ happening before! (html and images etc were viewable as if they were in the website's home diry).

Some Apache setting must have changed somewhere I guess but not sure what!

You do not need a cgi-bin on a raq. That means you can run your cgi scripts wherever you want.

Tks for your input microsol but I wasn't asking that (it's not a raq by the way). It's info about the standard config I'm after.

Anyone?

There really isn't any way to tell you exactly what your particular server's default settings should be. This will depend on:

- What distribution of Linux you are refering to
- Who provides your server and have they used the default settings or added their own customizations

Among other things...

Personally I would never run a cgi-bin any other way: it should only serve scripts and nothing else. It should also be the only directory scripts are allowed to be executed from, and finally suEXEC must be used (IMO).

At any rate, if the behavior has changed, then someone has been in your config files. You'll want to find exactly who changed what, and probably ask them not to do that again :) Another possibility *might* be that someone has changed permissions on some files/directories; for example, if you're using the x-bit hack (not likely), you could easily have broken ordinary files from being served... also if the directory permissions have been changed, it could affect how files are served/executed, but the specifics depend on many aspects of your configuration.

I think your best bet will be to contact the administrator of the server; if you are he, then go through your configuration files carefully. If you don't know how to do this, well... I suggest hitting Apache.org and learning.