Please help me! I can't get arround a CGIWrap error. I have tons of Perl script that just won't work!

How do I configure my server so I don't have to reconfigure my perl scripts? I'm currently in the process of looking for similar scripts writen in PHP just so they'll work...

Thank You!



Almost forgot!:

CGIWrap encountered an error while attempting to execute this script:

Error Message: Permission denied
Error Number: 13
This message usually indicates there is a problem with the script itself. Often this indicates either that the #! line of the script is incorrect, or the script was uploaded in binary mode instead of ascii mode. Check to make sure that the script does not have control-M's at the end of every line. That will prevent it from executing. An easy fix that takes care of this most of the time is to put '#!/.../perl --' instead of '#!/.../perl' on the first line of the script.
If you are not the owner of this script, please forward this error and the URL that caused it to the script owner. That is often the component in the URL right after /cgiwrap/.

Well, as the error report says, did you upload the script in ascii mode? Are you uploading the script to a directory with a user who has permission to upload to that directory? Usually the second is the problem and people try to upload scripts into places they don't own. You can chown the files to the proper person or reupload the file using the correct user.

Yes, first step is to check permissions just like Chicken said. In case this does not work - and for every one else with CGI wrap problems, I just take this opportunity to point out how to 'debug' a CGI-wrap script - well debug might not be the right word - get some more error information out a script.

Lets say you are trying to execute the file
http://www.domain.com/test/test.cgi

To get extended debug information just

http://www.domain.com/cgiwrapDir/cgiwrapd/test/test.cgi


The cgiwrapDir/cgiwrapd is entered just after the domain name

When we had cobalts we had so many problems with CGIWRAP, it will give you errors if you dont upload in ascii, if your permissions are wrong, if its owned by root or someone else, if it doesnt begin with #!/usr/bin/perl and so many other things, we disabled cgiwrap and enabled normal perl...

Heh well yes, most of those things will cause errors. I don't think those are necessarily bad though.

I am fairly new to the Unix enviroment; how would I disable CGI-Wrap?

The permissions are set properly... I will reupload in ASCII... I think I uploaded it that way to begin with.

Tommy

in /etc/httpd/conf/httpd.conf
find the line in your Virtual Host entry that says:
addhandler cgi-wrapper .cgi
addhandler cgi-wrapper .pl

and replace them with
addhandler cgi-script .cgi
addhandler cgi-script .pl

If you do not want to disable cgiwrap for all scripts, you can leave the entries in your httpd.conf file and add:
addhandler cgi-script .cgp

beneath the other entries.

(use any extension you want. rename your script with .cgp - of course a series of scripts that work together and look for each other may make this less feasible.)

If it is a popular script like FormMail.pl or something, it might be better to rename it anyway - since many cracker scripts are scanning for the name FormMail.pl and not FormMail.cgp. If you disable cgiwrap completely, the cracker would find FormMail.pl and it would be without the protection of cgiwrap!

will I run in to any other security problems if I disable the wrapper... what is its amin purpose... if it is easier to do like this...

CGIwrap provides a security layer for CGI scripts in a shared environment. It makes CGIs run with the permissions of the script owner only, and will not allow scripts owned by root to run at all.

So, like others have said, check the script permissions and ownership. Those are usually the major cause of problems on the RaQ.

It's there for a reason. Disable it with care, unless you know you can 100% trust every user on every site who puts CGIs on the box. Yes, it might make things easier, but much less secure. Almost any script imaginable should be able to run under CGIwrap. If not, the script is doing something potentially sneaky and/or dangerous, and you should fully review it. if you deem it's ok, you can disable CGIwrap for that individual vsite...

FYI, full info can be found at the CGIWrap homepage: http://cgiwrap.unixtools.org/

Some informative (albeit slightly "old") articles about CGIWrap specific to Cobalt RaQs are at http://www.evolt.org/article/Cobalt_RaQ_Servers_and_CGIWrap/18/13149/ and http://users.libero.it/hpstr/

Bruce...
Thank you for the help before... I figured out why I was getting acdess denied and also why the files werewnt even there... not to mention why the DNS wasnt resolving... but the cgiwrap
!!! what in the world... I am still having hard time.. I get script file not found permision denied... from
http://www.iopc.biz/cgi-bin/create.cgi
when I chown root cgiwrap
no such file or directory found
at least I know that I can chmod the permsisions on the files alright... thanks for the link... it is very informative... ... could you give me some feedback here.. it would be appreciated...

Jeff

You can't/don't need to chown cgiwrap; you need to chown your CGI scripts.

And you can't chown root and expect it to work. That's specifically what CGIWrap is supposed to prevent. :)

You want to

cd /home/sites/www.iopc.biz/web/cgi-bin/

and then

chown user create.cgi

where user is a valid username for the virtual site www.iopc.biz (note: you might need to actually be root when you do the chown command, depending on who the current owner is).