Frequently Asked Questions

The NearlyFreeSpeech.NET FAQ (*)

Programming (*)

What is a site realm?

How do I set up the server to allow web applications to write files?

How does CGI work at NearlyFreeSpeech.NET?

What can I do if I want a script to run every so often on my site (like cron)?

How do I customize my PHP configuration?

What is the path to the root of my site in PHP?

What is the best HTML editor to use with your system?

How do I increase the PHP memory limit?

What references do you recommend for web technologies?

Do you have register_globals enabled for PHP?

What is the path to the root of my site for CGI scripts?

How do I change the version of PHP that my site uses?

How do I control what user a CGI script runs as?

By default, CGI scripts are executed as the "web" user and group, which has almost no privileges on our system. In most cases, this is the best choice, as it controls the damage that a vulnerable script can inflict. However, for some file-management and other applications, it is necessary for a script to run with the full permissions of the user that owns your files (i.e. you, a.k.a. the "me" user ID when viewed from ssh).

To this end, we allow you to set the suid and/or sgid file permission bits on CGI applications. When the suid bit is set, the web server will execute the script using the user id of the owner of the script (provided that the owner of the script is you). When the sgid bit is set, the web server will execute the script using the group id of the group that owns the script. It is safe to use the suid/sgid bits for this purpose; our system does not otherwise honor them.

Please note that there are security implications to running web scripts as your own user ID. If such a script is compromised, you will need to delete your entire site and recreate it from scratch or otherwise manually check every single file because there will be no other way to ensure that other files have not been subtly changed. For this reason, we strongly discourage the indiscriminate use of this feature as a substitute for properly setting up file permissions.

I used an absolute path in an SSI and it didn't work. What should I do?

Can I compile my own CGI application on your servers?

How do I write files from scripts run by the web server?

How do I protect an upload directory from being exploited?