Directory conventions with CGI? 1

[dilettante]

I've noticed that there seems to be a lot of chaos regarding the placement of resource files used by different CGI "pages" (whether scripts or compiled C programs, etc.).

Typically directories "below" the cgi-bin aren't GETable by browsers, probably for good reasons - security more than anything. But when your CGI page returns HTML, that HTML often needs to reference Javascript, images, CSS sheets, and so on of course.

Are there anything you could call more or less "hard and fast" conventions for where an application ought to put these things? I've found some scripts that like to have their images in a directory "images" off the virtual root of the site, a "js" directory for scripts, etc. But then others dump it all into a single "resources" directory.

This isn't a problem with scripts, you just change 'em. The tougher case are compied C or whatever programs where you don't get the source. Then you're sort of stuck with whatever the programmer chose to use.

To avoid doing this myself, I thought I ask if anybody knows what good names might be, and whether they'd put them right under the vroot or in a separate directory for each application, or what?

In other words, say I have some forum thingy that consists of two compiled CGI's, a couple static pages, and a bunch of images and a couple of client-side scripts and an external CSS sheet. Would you organize it like:
[tt]
/vroot
|
+--index.html
|
+--/wizforum
| |
| +--page1.html
| |
| +--page2.html
|
+--/wizres
| |
| +--img1.gif
| |
| +--img2.gif
| |
| +--wiz.css
| |
| +--buttonroll.js
| |
| +--clientval.js
|
+--/cgi-bin
|
+--someother.pl
|
+--wizforuma.pl
|
+--wizforumb.pl
[/tt]
... or would you organize things quite differently. For example throwing all of the static pages into the vroot. All of the images into some common "images" directory that all of the applications on this web site share, a common js directory, etc. etc?

Anyone understand what I'm getting at? Anybody have suggestions?

I'm looking for "best practices" advice I guess, to keep order when there are multiple things going on in one web site. Possibly using CGI pages/apps from various sources.

Of course it could be just one more reason to avoid compled CGI like the plague! ;-)

 

[tviman]

This seems to be the predominent directory layout although there's no real hard & fast rule.

/vroot
|
+--/wizforum
| | +--index.html
| | +--page1.html
| | +--page2.html
| | +--wiz.css
| | +--buttonroll.js
| | +--clientval.js
| |
| +--/images
| +--img1.gif
| +--img2.gif
|
+--/cgi-bin
+--someother.pl
+--wizforuma.pl
+--wizforumb.pl

There's always a better way. The fun is trying to find it!

 

[dilettante]

Thanks, I suspect you are right. I've seen several schemes and that one makes the most sense to me, it keeps things more tidy than most.

I appreciate the time you took to answer this question.

 

[PaulTEG]

+--/images
   +--/nav
   +--/res

I like to have my navigation buttons in a seperate directory

Just my €0.02

--Paul

 

[tviman]

As Paul points out, there are numerous ways to lay out your directory structure. Whatever your choice, I think it best to keep your cgi directory seperate from the rest of your site files and put nothing but cgi scripts in it.

There's always a better way. The fun is trying to find it!

 

[PaulTEG]

I Concur
--Paul

 

[dilettante]

One of the things left out of this discussion was where to place files (data files, etc.) used internally by the CGI scripts or executables themselves.

For example, let's say somebody has a small site backed by an Access MDB file or even a fixed-record random file. You don't really want to throw these sorts of things under your resources directory:
[tt]
/vroot
|
+--/wizforum
| | +--index.html
| | +--page1.html
| | +--page2.html
| | +--wiz.css
| | +--wiz.dat
| | +--buttonroll.js
| | +--clientval.js
[/tt]
Clearly that directory has to be client-readable to permit access to the other files.

{Q} Does it make sense to make a directory under the [tt]cgi-bin[/tt] that isn't user-readable, or put those data files up under the resource directory ([tt]/wizforum[/tt] here) as a non-user-readable directory?

The answer may seem obvious at first, but there are numerous small web servers that do not have a permissions mechanism beyond an almost trivial model:

Rule 1: [tt]cgi-bin[/tt] is execute-only from the client.
Rule 2: Everything else is read-only.
Rule 3: CGI scripts/executables can do whatever the host user they run under can do within the filesystem.

What's the normal convention here to maintain (a.) security, (b.) general consistency and tidiness, and (c.) cross-platform compatability?

Keep in mind that {Q} can only be answered one way if one is going to support those tiny servers with his application. This would seem to dictate then that for all CGI applications, these internal resource files must be placed someplace under the [tt]cgi-bin[/tt] for cross-server compatability.

I guess you might look at this whole thread as a "CGI directory layout best practices" sort of question.