HOWTO: CGI wrapper

The CGI-wrapper can be used to run CGI programs with another userid/groupid then the one of the webserver. It can also be used to run the CGI program in a chrooted environment. The configuration of the CGI-wrapper is placed in the file cgi-wrapper.conf which is located in the Hiawatha configuration directory. Each CGI wrapping has to be configured via a Wrap option. The format of the 'Wrap' option is:

Wrap = <id of this wrap>:<CGI rootdirectory>:<userid to change to>

The CGI-wrapper will only execute programs that are located within the CGI rootdirectory. If the specified CGI rootdirectory contains a pipe-sign, the part before the pipe will be used as a chroot directory. The CGIhandler option can be used to specify programs outside the CGI rootdirectory which the CGI-wrapper is also allowed to execute, such as the php-cgi program. If you use a chrooted wrap (the pipe-sign), make sure the right CGIhandlers are also available inside this chroot directory.

# cgi-wrapper.conf
CGIhandler = /usr/bin/php5-cgi
CGIhandler = /usr/bin/perl

Wrap = wrap_id:/var/www:hugo
Wrap = chroot:/usr/chroot|www:hugo

Use the WrapCGI option to bind a 'wrap' to a virtual host.

# hiawatha.conf
CGIwrapper = /usr/sbin/cgi-wrapper

VirtualHost {
    ...
    WrapCGI = wrap_id
}

VirtualHost {
    ...
    WrapCGI = chroot
}