The University of Arizona

Using the CGI server

The CGI server lets you publish pages on the Web with dynamic content. Here's a simple example.

CGI stands for Common Gateway Interface, a protocol for web servers to run programs (or "scripts"). Scripts can be written in any language as long as the script follows the CGI protocol, though interpreted languages like Perl, Tcl, and Python are popular choices.

The server software is Apache running on Ubuntu.

Languages and libraries

The CGI server supports several interpreted languages and libraries for these languages:

The pathnames to the various interpreters are the same as on lectura or other department Linux machines. For instance, the Bourne shell is at /bin/sh and the Perl interpreter is at /usr/bin/perl (or /usr/local/bin/perl).

Your CGI directory on the server

Your status as a CS major automatically provides a CGI area:
URL = http://cgi.cs.arizona.edu/~<username>
where <username> is your CS username. Your CGI area is accessible from most departmental hosts via /cs/cgi/people/<username>.

Installing CGI scripts

On Linux systems, the pathname of your scripts area is:

/cs/cgi/people/<username>/public_html

CGI scripts must reside in your public_html directory (or a subdirectory of your public_html directory). You can use your /cs/cgi/people/<username> directory (if desired) for ancillary files used by your scripts. The CGI server does not mount other exported filesystems, so files in your home or other NFS-mounted directories are not available.

Running CGI scripts

The CS CGI server uses suexec to make your CGI scripts run "as you", i.e. under your own UID and your primary GID. Therefore your scripts are able to read and write files you own in /cs/cgi/people/<username>.

File permissions

Note that your scripts must be owned by you, and the group ownership on them has to be your primary group. Your primary group is the first group in the list returned for you by the groups command on the department Linux machines.

In addition, your script directories must be world-executable (o+x on Linux) so that the web server can find the directory entry for your script, and their group ownership must be the same as your scripts' (your primary group). However, your scripts do not need to be world-readable or world-executable.

Note also that suexec requires that scripts are not group-writable. Your public_html directory and all directories under it which contain scripts must also not be group-writable.

This is done for security: the CGI server will not run your script as you unless it can ensure that you are the only one who can write to the script and to its directory.
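
The rules in this section can be checked before a script is published. The following is an added example, not part of the original page or the department's tooling; the function names check_cgi_script and check_dir are chosen here, and it assumes GNU stat as found on Ubuntu. It applies the directory rules to every directory from the script up to public_html, which is stricter than the text requires.

```shell
#!/bin/sh
# Added example: check a CGI script against the "File permissions" rules.
# Assumes GNU stat; numeric IDs are compared to avoid name-lookup differences.

bad=0
fail() { echo "FAIL: $*"; bad=1; }

# Directory rules: group is your primary group, o+x set, not group-writable.
check_dir() {
    set -- "$1" $(stat -c '%g %a' -- "$1")      # $2 = GID, $3 = octal mode
    [ "$2" = "$(id -g)" ]      || fail "$1: group is not your primary group"
    [ $(( 0$3 & 001 )) -ne 0 ] || fail "$1: not world-executable (o+x)"
    [ $(( 0$3 & 020 )) -eq 0 ] || fail "$1: group-writable"
}

# check_cgi_script PATH: print each broken rule; return 0 when none is broken.
check_cgi_script() {
    bad=0
    [ -f "$1" ] || { fail "$1: not a regular file"; return 1; }
    script=$1
    set -- "$script" $(stat -c '%u %g %a' -- "$script")  # $2 UID, $3 GID, $4 mode
    [ "$2" = "$(id -u)" ]      || fail "$1: not owned by you"
    [ "$3" = "$(id -g)" ]      || fail "$1: group is not your primary group"
    [ $(( 0$4 & 020 )) -eq 0 ] || fail "$1: group-writable"

    d=$(dirname -- "$script")
    check_dir "$d"
    # Conservatively apply the directory rules up to and including public_html.
    case $d in public_html/*|*/public_html/*)
        while [ "$(basename -- "$d")" != public_html ]; do
            d=$(dirname -- "$d"); check_dir "$d"
        done ;;
    esac
    return $bad
}

# Check every path given on the command line.
for f in "$@"; do
    check_cgi_script "$f" || echo "=> fix the items listed above for $f"
done
```

Run it on the CGI server or a department Linux machine with the script paths as arguments, for example a path under /cs/cgi/people/<username>/public_html.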

Debugging CGI scripts

Whenever the server runs a CGI script it writes records to /cs/cgilogs/other_vhosts_access.log. You can check this file to see what was run, when it was run, the IP address of the client machine that ran it, and whether the script ran successfully or not.

The server software usually returns a cryptic error message if there is something wrong with your script. The server's error log, /cs/cgilogs/error.log, or the server's suexec log, /cs/cgilogs/suexec.log, may shed more light.

Security

A poorly-written script can compromise the security of your files on the CGI server and could even compromise security on other machines in the department. Lincoln Stein has an excellent discussion of the potential security problems with CGI scripts and how you can reduce those problems.

If nothing else, you must be careful not to trust any input data a user provides to your script. The CGI Programming MetaFAQ has a number of FAQs and pointers to articles on security. For Perl scripts see Lincoln Stein's notes on safe scripting in Perl.


Last updated October 10, 2014, by Tom Lowry