pearcecg
Posts: 17
Joined: Wed Oct 31, 2012 10:21 am

enabling perl

Thu May 02, 2019 3:12 pm

As a relative newbie I'm tearing my hair out trying to run a perl script in Apache. (This works OK on my website hosted by Plusnet). PHP seems to be OK.
The rest of the website works fine as localhost, and seems agreeably snappy.
I realise I have to use Addhandler perl-script ,pl or something similar in the appropriate file but am confused by references to httpd.conf and Apache2.conf which is it?
I think I have installed perl correctly.
I would be really grateful to be pointed in the right direction.
I am using the latest Pi 3B+ and the full Raspbian from NOOBS

User avatar
DougieLawson
Posts: 35381
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: enabling perl

Thu May 02, 2019 3:38 pm

Have you install libapache2-mod-perl2 ?
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

pearcecg
Posts: 17
Joined: Wed Oct 31, 2012 10:21 am

Re: enabling perl

Thu May 02, 2019 6:09 pm

No.
I installed this:
apt -y install perl libcgi-pm-perl

Is this wrong?

knute
Posts: 424
Joined: Thu Oct 23, 2014 12:14 am
Location: Texas
Contact: Website

Re: enabling perl

Thu May 02, 2019 6:20 pm

You don't need either file.

sudo apt install apache2

sudo a2enmod cgid

sudo systemctl restart apache2

create your perl script and put it in /usr/lib/cgi-bin

set owner and group to www-data: sudo chown www-data:www-data

set executable: sudo chmod 750

point your browser to: localhost/cgi-bin/test.pl if that is the name of your script

Here is a simple test script:

Code: Select all

#!/usr/bin/perl

print <<EOT
Content-Type: text/html

<html>
    <head>
        <title>test.pl</title>
        <style>
            h1 {
                text-align: center;
                font-family: sans-serif;
                color: blue;
            }
        </style>
    </head>
    <body>
    <h1>test.pl</h1>
    </body>
</html>
EOT

User avatar
DougieLawson
Posts: 35381
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: enabling perl

Thu May 02, 2019 6:23 pm

libcgi-pm-perl is an excellent module that makes writing Perl common gateway interface programs easier. It's not the stuff to get Perl running under Apache2.

mod_perl makes running Perl CGI programs easier as you don't have to worry about ownership and can run /home/pi/public_html with that one.
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

knute
Posts: 424
Joined: Thu Oct 23, 2014 12:14 am
Location: Texas
Contact: Website

Re: enabling perl

Thu May 02, 2019 7:37 pm

DougieLawson wrote:
Thu May 02, 2019 6:23 pm
libcgi-pm-perl is an excellent module that makes writing Perl common gateway interface programs easier. It's not the stuff to get Perl running under Apache2.
Can you point me to some documentation on libcgi-pm-perl? I'm clearly not looking in the right place.

Thanks!

User avatar
DougieLawson
Posts: 35381
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: enabling perl

Thu May 02, 2019 9:49 pm

Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

pearcecg
Posts: 17
Joined: Wed Oct 31, 2012 10:21 am

Re: enabling perl

Fri May 03, 2019 12:42 pm

Thanks Douglas
Now installed libapache2-mod-perl2.
Now just serves up a copy of the script.
Clearly need more intervention, presumably Addhandler etc, or perhaps some specific enabling.
But what, how and where?

Appreciating the help - but thinking Linux is evil!

User avatar
DougieLawson
Posts: 35381
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: enabling perl

Fri May 03, 2019 1:31 pm

Have you got these directives enabled in /etc/apache2/conf-enabled/serve-cgi.conf

Code: Select all

<IfModule mod_alias.c>
        <IfModule mod_cgi.c>
                Define ENABLE_USR_LIB_CGI_BIN
        </IfModule>

        <IfModule mod_cgid.c>
                Define ENABLE_USR_LIB_CGI_BIN
        </IfModule>

        <IfDefine ENABLE_USR_LIB_CGI_BIN>
                ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
                <Directory "/usr/lib/cgi-bin">
                        AllowOverride None
                        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                        Require all granted
                </Directory>
        </IfDefine>
</IfModule>
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

pearcecg
Posts: 17
Joined: Wed Oct 31, 2012 10:21 am

Re: enabling perl

Fri May 03, 2019 3:18 pm

Hi Douglas
Yes - my code for serve-cgi-bin.conf is:


<IfModule mod_alias.c>
<IfModule mod_cgi.c>
Define ENABLE_USR_LIB_CGI_BIN
</IfModule>

<IfModule mod_cgid.c>
Define ENABLE_USR_LIB_CGI_BIN
</IfModule>

<IfDefine ENABLE_USR_LIB_CGI_BIN>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all granted
</Directory>
</IfDefine>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

However, perhaps I should point out that the scripts are not in cgi-bin (for historical reasons) but are required to run from other directories.

User avatar
DougieLawson
Posts: 35381
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: enabling perl

Fri May 03, 2019 3:33 pm

So try this simple /usr/lib/cgi-bin/test.pl program

Code: Select all

#!/usr/bin/perl

use strict;
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);

print header;
print start_html("Environment");

foreach my $key (sort(keys(%ENV))) {
    print "$key = $ENV{$key}<br>\n";
}

print end_html;
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

pearcecg
Posts: 17
Joined: Wed Oct 31, 2012 10:21 am

Re: enabling perl

Fri May 03, 2019 4:24 pm

Not clear how to use this,
Copied and saved where indicated, but doesn't seem to do anything when clicked to execute.
Permission to execute not originally enabled but changed with chmod +x, but still nothing.
What should happen - output in browser, or in terminal or ?
Direct execution from filer did nothing.

When typed into terminal got a ream of stuff starting thus:
[email protected]:~ $ /usr/lib/cgi-bin/test.pl


Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Environment</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
DBUS_SESSION_BUS_ADDRESS = unix:path=/run/user/1000/bus<br>
DESKTOP_SESSION = LXDE-pi<br>
DISPLAY = :0.0<br>
GDMSESSION = lightdm-xsession<br>
GPG_AGENT_INFO = /run/user/1000/gnupg/S.gpg-agent:0:1<br>
HOME = /home/pi<br>
INFINALITY_FT_AUTOHINT_HORIZONTAL_STEM_DARKEN_STRENGTH = 10<br>
INFINALITY_FT_AUTOHINT_INCREASE_GLYPH_HEIGHTS = true<br>

............................................................

User avatar
DougieLawson
Posts: 35381
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: enabling perl

Fri May 03, 2019 5:35 pm

Run that as a web CGI program and you'll prove it's working.

http://127.0.0.1/cgi-bin/test.pl
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

pearcecg
Posts: 17
Joined: Wed Oct 31, 2012 10:21 am

Re: enabling perl

Mon May 06, 2019 10:09 am

DougieLawson wrote: Run that as a web CGI program and you'll prove it's working.

http://127.0.0.1/cgi-bin/test.pl
Sorry that's no go.

The requested URL /cgi-bin/test.pl was not found on this server.

Replaced 127.0.0.1 wth localhost IP 192.168.0.7 with same result.

Think I need to take time out and have a good read. Something is obviously not enabled.

knute
Posts: 424
Joined: Thu Oct 23, 2014 12:14 am
Location: Texas
Contact: Website

Re: enabling perl

Mon May 06, 2019 8:10 pm

I didn't compile it myself but I got it running with the info here: https://perl.apache.org/docs/2.0/user/i ... _fast.html

There is however an error in their configuration file and it won't work with it. That took me a while to figure out. If you want instructions let me know.

pearcecg
Posts: 17
Joined: Wed Oct 31, 2012 10:21 am

Re: enabling perl

Thu May 09, 2019 12:23 pm

It seems that CGI in other directories is disabled by default in Apache 2.4!

sudo a2enmod cgi

and

Options +ExecCGI
Addhandler cgi-script .cgi .pl
in Apache2.conf

sorted it.

knute
Posts: 424
Joined: Thu Oct 23, 2014 12:14 am
Location: Texas
Contact: Website

Re: enabling perl

Thu May 09, 2019 5:11 pm

pearcecg wrote:
Thu May 09, 2019 12:23 pm
It seems that CGI in other directories is disabled by default in Apache 2.4!
apache can't access files that it doesn't own or have permission to access. You can put the cgi files anywhere you want as long as apache can read and/or execute them.
sudo a2enmod cgi

and

Options +ExecCGI
Addhandler cgi-script .cgi .pl
in Apache2.conf

sorted it.
That's not using mod-perl2 then, it's just regular CGI with perl. You don't need to modify apache2.conf if you follow the instructions I gave above.

tpyo kingg
Posts: 555
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: enabling perl

Thu May 09, 2019 5:26 pm

knute wrote:
Thu May 09, 2019 5:11 pm
... if you follow the instructions I gave above.
Some of those instructions are unsafe. The script should not be owned by www-data, in the group www-data, or in any way writable by the account www-data. That account exists to keep Apache2 from being able to do more than read anything . Yes, there are some use-cases where writing is necessary to data but never to executables. This goes beyond the principle of least privilege and one needs to think in terms of Write XOR Excecute. Choose one or the other but not both. It is enough that the web server's account be able to read the script and that the web server's configuration file has been set to allow access. That and, as reported, CGI needed to be turned on within Apache2.

Another option is FastCGI which interacts with the server via sockets but can otherwise use perl's CGI module. That's a little different to set up and there are several methods for how to do it.

knute
Posts: 424
Joined: Thu Oct 23, 2014 12:14 am
Location: Texas
Contact: Website

Re: enabling perl

Thu May 09, 2019 9:34 pm

tpyo kingg wrote:
Thu May 09, 2019 5:26 pm
knute wrote:
Thu May 09, 2019 5:11 pm
... if you follow the instructions I gave above.
Some of those instructions are unsafe. The script should not be owned by www-data, in the group www-data, or in any way writable by the account www-data.
You could make the script readable and executable and not writable by the owner www-data but it is unclear to me what risk that would prevent. And every file in /bin and /usr/bin is writeable and executable by the owner. I suggested he only make the script executable by www-data.
That account exists to keep Apache2 from being able to do more than read anything .
Yes
Yes, there are some use-cases where writing is necessary to data but never to executables. This goes beyond the principle of least privilege and one needs to think in terms of Write XOR Excecute. Choose one or the other but not both.
I agree with that and again I never suggested he make his script writable by anybody except the owner.
It is enough that the web server's account be able to read the script and that the web server's configuration file has been set to allow access.
That's not actually true. It has to executable by www-data or it won't get executed. That can be accomplished by having www-data own it and having the owner's execute flag on or having it world executable and owned by anybody. I'm not sure I want the world to be able to execute my script.
That and, as reported, CGI needed to be turned on within Apache2.
I suggested he use cgid rather than cgi as the module to enable scripts. I think he should do that because of this documentation I found:
Apache Module mod_cgid wrote: On certain unix operating systems, forking a process from a multi-threaded server is a very expensive operation because the new process will replicate all the threads of the parent process. In order to avoid incurring this expense on each CGI invocation, mod_cgid creates an external daemon that is responsible for forking child processes to run CGI scripts. The main server communicates with this daemon using a unix domain socket.

This module is used by default instead of mod_cgi whenever a multi-threaded MPM is selected during the compilation process. At the user level, this module is identical in configuration and operation to mod_cgi. The only exception is the additional directive ScriptSock which gives the name of the socket to use for communication with the cgi daemon.
So if you don't think www-data should own the scripts in cgi-bin, who do you think should own them and what permissions do you think they should have?

Return to “Troubleshooting”