I’ve created a cgi-bin for my site and can get my perl cgi to execute properly. However, I have other files in there (.txt for example) that I don’t want users to be able to read.

I’ve tried several different permission combinations with no luck. I’d prefer to set cgi-bin with the correct permissions to run cgi’s (.cgi, .pl, .py) but NOT allow users to view contents of other files. Do I have to do this on a file by file basis or can I set it on the cgi-bin?


What exactly are you talking about? There are users and then their are web site visitors. If you don’t want other users to read files, then on a file by file basis set the public permissions to 0.
In other words instead of 644 use 640 for data files.

As for as web site visitors, don’t put the data files in a web-accessible directory. What I mean is put them in /home/username/data instead of /home/username/ - also make sure any CGI scripts can’t be used to modify these files, such as a “file editor” for a blog/CMS application.

You can use a per-directory configuration file in an attempt to get the web server to block requests for certain types of files - but guess what happens if your .htaccess file goes missing.

:cool: -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7

Thanks for your reply. I admit, my question was pretty poor and ambiguous. I meant web site visitors.

As you suggested, I put my additional files (my perl modules) in my home directory. I was just a little confused where that was as I only started working my DreamHost account a few days ago.

Thanks again!

I have read

how can I copy these file (php.cgi and php.ini)

couse I can’t access this root
cp /dh/cgi-system/php5.cgi
cp /etc/php5/cgi/php.ini

please help me

~$ locate php5.cgi
~$ locate php.ini


how can I access the location with FTP ?

please help me
I need it to disable register_global
and run this script

source script

thanks before

You cannot access that location via FTP (those files are above your user directory in the directory tree), you can access, and copy, them via the shell.

If all you are trying to do is disable register_globals, the easiest way to do that is to just change your domain to use PHP5 instead of PHP4. You can do this from the Control Panel -> Domains -> Manage Domains screen. Click the “Edit” link beneath the “Web Hosting” column for the domain in question and edit the choice of PHP to use in the next screen that appears.

Mr. Rat’s amazon scripts are written in perl, and your php version in use, or its settings, have no bearing on their operation.