Feb 032011
 

tux-apacheSometimes it can be useful with a simple CGI to show the contents of a directory, or run a command with some parameters.
If you are a programmer you probably will think at a elegant and practical solutions in Java, Ruby or PHP, but for a system administrator may be convenient to make a simple bash program, a language he’s using everyday.

Let’s see how to use the bash we use usually on the terminal in a CGI program.

All these examples must be put in a file with execution permission (by the webserver) and put on your CGI directory, in Apache this is the directory indicate with the directive ScriptAlias.

Basic Cgi

One important thing to remember is that we need to identify the MIME type of the page, that is the type of data that we transmit for example it could be text/plain, text/html or application/xml.

Otherwise we will have an error on the webserver with a message such as “Malformed header”.

#!/bin/bash
echo "Content-Type: text/plain"
echo
echo "Today is:"
date

The MIME is identified with the 2 echo the first set the content-type and the second it’s needed to send a blank line, that second line it’s required or you’ll get an error from the webserver.

Same example but in html:

#!/bin/bash
        echo "Content-Type: text/html"
        echo
        echo "<HTML><BODY>"
        echo "<CENTER>Today is:</CENTER>"
        echo "<CENTER><B>"
        date
        echo "</B></CENTER>"
        echo "</BODY></HTML>"

Getting parameters from GET and POST methods

The easiest way to get parameters for your simple CGI is to use GET or POST method, and parse them with bashlib

bashlib is a shell script that makes CGI programming in the bash shell easier, or at least more tolerable. It contains a few functions that get called automatically and place form elements (from POSTs and GETs) and cookies in your environment. It also contains complete documentation on how to use these variables and how to set cookies manually.

With bashlib to get a specific parameter just write

...
YourVariable=`param username`
...

So if your CGI is called like: http://yourserver.com/bash.cgi?name=joe&surname=smith you can use the following code to get the 2 parameters.

#!/bin/bash

# this sources bashlib into your current environment
. /usr/local/lib/bashlib
echo "Content-type: text/plain"
echo ""
name=`param name` # name = joe
surname=`param surname` # surname = smith
echo "Hello $name $surname"

Example with bashlib

#!/bin/bash
 
# this sources bashlib into your current environment
. /usr/local/lib/bashlib
 
echo "Content-type: text/html"
echo ""
 
# OK, so we've sent the header... now send some content
echo "&lt;html&gt;&lt;title&gt;Crack This Server&lt;/title&gt;&lt;body&gt;"
 
# print a "hello" if the username is filled out
username=`param username`
if [ -n "x$username" != "x" ] ; then
    echo "&lt;h1&gt;Hello, $username&lt;/h1&gt;
fi
 
echo "&lt;h2&gt;Users on `/bin/hostname`&lt;/h2&gt;"
echo "&lt;ul&gt;"
 
# for each user in the passwd file, print their login and full name
# bold them if they are the current user
for user in $(cat /etc/passwd | awk -F: '{print $1 "\t" $5}') ; do
    echo "&lt;li&gt;"
    if [ "$username" = "$user" ] ; then
        echo "&lt;strong&gt;$user&lt;/strong&gt;"
    else
        echo "$user"
    fi
    echo "&lt;/li&gt;"
done
echo "&lt;/ul&gt;"
echo "&lt;/body&gt;&lt;/html&gt;"

This is a small introduction to make you start writing some simple CGI.

And if you think that you can do with bash just little things, look at this project: http://nanoblogger.sourceforge.net/

References:

Apache: CGI scritti in Bash (italian)

Bash Libraries
http://bashlib.sourceforge.net/

Bash CGI Reference Material
http://www.yolinux.com/TUTORIALS/LinuxTutorialCgiShellScript.html
http://www.ffnn.nl/pages/articles/linux/cgi-scripting-tips-for-bash-or-sh.php
http://www.acmesystems.it/?id=165
http://wiki.flexion.org/BashCGI.html

Popular Posts:

Flattr this!

  6 Responses to “Bash as CGI”

  1. Very cool, though I’ll need to do some more test for security sake (doesn’t seem to allow pipes, semicolons or characters to be executed even when used in grep and cat, so it look *pretty* secure.

    I did notice 2 errors though
    1) The semicolon on line 15 (echo Hello user) should be a quotation mark
    2) If you want the browser to INTERPRET the html (instead of just displaying it), replace < with .

  2. gah, comment thing ate my characters:

    Very cool, though I’ll need to do some more test for security sake (doesn’t seem to allow pipes, semicolons or <, > characters to be executed even when used in grep and cat, so it look *pretty* secure.

    I did notice 2 errors though
    1) The semicolon on line 15 (echo Hello user) should be a quotation mark
    2) If you want the browser to INTERPRET the html (instead of just displaying it), replace &lt; with < and &gt; with >

  3. Excellent intro!

    Thank you,
    Ricky

  4. The article might have been comprehensible to me if, someplace (near the beginning??), the author had spelled out or explained what CGI means.

  5. Funny! This churns up many memories.

    More than 15 years ago I was writing bash CGI scripts, storing data in little chunks in the filesystem. Didn’t have PHP and MySQL back then.

    Long before bashlib, there was uncgi, a C program that turned GET/POST into environment variables that were handed to bash:

    http://www.midwinter.com/~koreth/uncgi.html

    Actually, since I was doing this on a Sun SPARC-20, I suspect it was ancient /bin/sh Bourne Shell, not bash. Or ksh or csh. Whatever was on the machine. It didn’t even have Perl.

    I wrote a “caption contest” and, long before anybody used the word “blog,” a web log tool for Minneapolis weatherman Paul Douglas to update his online weather column for startribune.com.

    For a contest, Garrison Keillor wrote a short story with gaping holes that I turned into a madlibs-like Web form.

    Keillor faxed in his story about three hours before the deadline, but I was able get it online in time. If I ever meet Steven Grimm (author of uncgi) I owe him a beer.

  6. Linux Scanner Server is based on a shell script and CGI:
    http://scannerserver.online02.com

    When I discovered that it used shell scripting I fixed several bugs and released a patch for it:
    http://jhansonxi.blogspot.com/2010/10/patch-for-li nux-scanner-server-v12.html

    Shell scripting has its uses but using it for text handling is annoying.

    LSS is using sh (Dash on Ubuntu).

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*