Head-Fi.org › Forums › Misc.-Category Forums › Members' Lounge (General Discussion) › CGI web programming help
New Posts  All Forums:Forum Nav:

CGI web programming help

post #1 of 4
Thread Starter 

I want to write a program where

 

-the user chooses to upload a file (I have this working)

 

-the CGI program slices and dices the file (this works)

 

-the website then presents the resulting file-chunks to the user as html links (I'm stumped on this)

 

 

The problem I have is that the webserver runs as user 'nobody'. The cgi-bin directory and programs in it are world-executable, but apparently the output from the cgi script when the webserver is executing it inherits the 'nobody' privileges so the CGI program can't write output anywhere. I can create a world-writable directory, but that seems like a Bad Idea. Now I'm thinking about creating a world-writable directory outside the web document root, then creating a world-readable directory inside the web root that links to the world-writable one, and putting links to that in my output. What is the actual correct thing to do?

post #2 of 4

Creating files via CGI is always an issue for exactly the reasons you state - you don't want an external user to have write access to anywhere on your server.  I don't know the "right" way to do it, but I know what I would do...

 

I would create a daemon process that your CGI program can communicate with.  The daemon runs via a service account user with permission to read/write to a specific directory.  Your CGI program passes the uploaded file to the daemon, and the daemon does all the real processing and file management.  Another CGI program (or the same one with different parameters) can be used to retrieve the resulting data files from the daemon.  

 

Of course, this assumes you have access to the server to create the daemon and the service account...  

 

Have you thought about what happens if the user bails out while the processing is taking place?  You might need to clean-up any messes left from incomplete processing or an impatient user.  Hopefully, your processing is quick enough that the user won't timeout waiting for your page of links to his results.

post #3 of 4
Thread Starter 

No, I haven't thought that far.

 

Right now the website works by dumping the files to a directory with 777 permissions. I created the file outside the web document tree, but put a soft link inside the document tree that I can link the user too. Trouble is, I thought I could give the softlink different permissions than the target, but it looks like I can't. I'm still kind of stumped. I know this isn't the proper way.
 

post #4 of 4

The other way to do it might be with a Java applet, but that has fallen out of favor.  It's been a long time since I have used a Java applet, and I don't remember how to do that anymore - or how the tighter security in web servers & browsers might have affected those methods.

 

If you had a database engine, you could use your CGI program to store the data in the database, then use a stored procedure in the database to do the processing and store the results in temp tables, and a CGI program to query for the results and write HTML back to the user.  I would probably use php for that - very easy to talk to the database using php.


Edited by billybob_jcv - 7/27/12 at 7:01am
New Posts  All Forums:Forum Nav:
  Return Home
Head-Fi.org › Forums › Misc.-Category Forums › Members' Lounge (General Discussion) › CGI web programming help