The CGI-wrapper can be used to run CGI programs with another userid/groupid then the one of the webserver. It can also be used to run the CGI program in a chrooted environment. The configuration of the CGI-wrapper is placed in the file cgi-wrapper.conf which is located in the Hiawatha configuration directory. Each CGI wrapping has to be configured via a Wrap option. The format of the 'Wrap' option is:
Wrap = <id of this wrap>:<CGI root directory>:<userid to change to>
The CGI-wrapper will only execute programs that are located within the CGI root directory. If the specified CGI root directory contains a pipe-sign, the part before the pipe will be used as a chroot directory. The CGIhandler option can be used to specify programs outside the CGI root directory which the CGI-wrapper is also allowed to execute, such as the php-cgi program. If you use a chrooted wrap (the pipe-sign), make sure the right CGIhandlers are also available inside this chroot directory.
# cgi-wrapper.conf CGIhandler = /usr/bin/php5-cgi CGIhandler = /usr/bin/perl Wrap = wrap_id:/var/www:hugo Wrap = chroot:/usr/chroot|www:hugo
Use the WrapCGI option to bind a 'wrap' to a virtual host.
# hiawatha.conf CGIwrapper = /usr/sbin/cgi-wrapper VirtualHost { ... WrapCGI = wrap_id } VirtualHost { ... WrapCGI = chroot }