March 14, 2000
Updated April 29, 2000
Rewrite June 15, 2000
Updated September 2, 2001
Updated December 31, 2002
These are the wrapper programs, and some pre-compiled versions. If your
OS is in the list below, try to follow those directions as step one.
If you are not sure what ID your hosting account runs under, you may
download the test_id.cgi script at http://www.AgoraCart.com/download.htm.
If you do not have TELNET or SSH type access, cannot get it, and
your SUID bit does not run under your ID, then you will need to ask your
server administrator to install the wrappers for you. If they are unwilling to
do this for you, we recommend that you check out the authorized
hosting companies listed at AgoraCart.com.
See the DIRECTIONS FOR SPECIFIC OS's section below
for directions for your OS, if available.
To use the makefile, just type
    make wrapper
and it will use the 'cc' compiler to compile and set permissions.
Make sure
The wrapper programs are designed to help keep AgoraCart
running more safely. Hopefully your web hosting company has things set up
on your Unix host such that scripts run under your user id instead of a
generic account. If not, and you want to run scripts under your id, you
will need a wrapper program. It may also prove useful in "Offline" mode
to solve file permissions problems when using a different user id for
https:// calls (often happens if you are running under a "borrowed" server
certificate).
If you are installing the wrapper because your scripts do not run under
your own id normally and the SUID bit cannot be set for scripts on your
OS, you will need to install for both agora and the manager. If you are
just solving https:// problems, you may not need the manager wrapper if
you won't run the manager from the https:// address.
The provided wrappers were tested under Linux. Some OS's allow scripts to
have their SUID bit set (Solaris for example) and do not need a wrapper.
Some other OS's are "broken" and perl complains loudly, hence the need for
this wrapper program.
Optimally, you will be running on a system that runs scripts under your id
and will have no need for a wrapper. Many people do run web store type
programs under generic user id's without incident, but since file
permissions need to be "loosened" to allow this, it is inherently less
secure. Many other cart programs use these insecure settings but don't
let you know they are doing it!
The latest version of the wrapper programs is 3.0a. There was a
vulnerability in the 2.0a and earlier wrappers: a symbolic link could
be used to gain access to your web site. The 2.0b wrapper (download
at AgoraCart.com) and the new 3.0a wrapper eliminate this vulnerability.
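A general illustration of the kind of check a SUID wrapper can make against the symbolic-link problem described above. This is an added example, not the 2.0b or 3.0a wrapper source (this page does not say how those versions fix the issue); the names open_trusted and selftest and the sample files are made up for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW and mkdtemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not AgoraCart's wrapper source. Opens the script a SUID
 * wrapper is about to run; returns an fd, or -1 if the final path component
 * is a symlink, or the file is not regular, not owned by `owner`, or is
 * writable by group/other. The checks use the opened fd, so the file cannot
 * be swapped between check and use. Symlinks in parent directories are still
 * followed, so those directories must not be writable by other users. */
int open_trusted(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo files in a temp dir. Returns a bitmask: 1 = owner's 0755
 * script accepted, 2 = symlink to it rejected, 4 = world-writable rejected. */
int selftest(void)
{
    char dir[] = "/tmp/wrapdemoXXXXXX", good[64], lnk[64], loose[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(good, sizeof good, "%s/agora.cgi", dir);
    snprintf(lnk, sizeof lnk, "%s/link.cgi", dir);
    snprintf(loose, sizeof loose, "%s/loose.cgi", dir);
    fd = open(good, O_CREAT | O_WRONLY, 0700);  if (fd >= 0) close(fd);
    fd = open(loose, O_CREAT | O_WRONLY, 0700); if (fd >= 0) close(fd);
    chmod(good, 0755); chmod(loose, 0757);
    if (symlink(good, lnk) != 0) return -1;
    if ((fd = open_trusted(good, geteuid())) >= 0) { result |= 1; close(fd); }
    if (open_trusted(lnk, geteuid()) < 0)   result |= 2;
    if (open_trusted(loose, geteuid()) < 0) result |= 4;
    unlink(lnk); unlink(good); unlink(loose); rmdir(dir);
    return result;
}
int main(void) { printf("selftest=%d\n", selftest()); return 0; }
```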
=====================================================
DIRECTIONS FOR SPECIFIC OS's
============================
LINUX:
------
Linux does not allow the SUID bit to be set for scripts on older
kernels. At AgoraCart.com (security page), you will find pre-compiled wrappers
in the tar file linux_wrap.tar. After un-tarring, move the files to the
appropriate directories and follow the steps starting with step 2
listed in the comment header for wrap_mgr.c and wrap_agc.c respectively
(the compilation step is done already). You will need TELNET or SSH access to
complete these steps. The command to un-tar the files compiled
under Slackware 3.4 (2.0 series kernels and 2.2 kernels) is:
    tar -xvf linux_20_wrap.tar
or
    tar -xvf linux_22_wrap.tar
You may also try the manual compiling method outlined below on newer Linux systems:
Directions for wrap_agc.c:
1) Compile this C program (use cc if you don't have gcc):
    gcc -o wrap_agc.o wrap_agc.c
2) Set permissions on the wrapper so it runs under your id:
    chmod 555 wrap_agc.o
    chmod a+s wrap_agc.o    (on some servers this works OK)
    chmod 4555 wrap_agc.o   (on some servers this works also/instead)
3) Agora.cgi 3.1+ will detect the wrapper and use it automatically if it
   is properly placed in the same directory.
Directions for wrap_mgr.c:
1) Compile this C program (use cc if you don't have gcc):
    gcc -o wrap_mgr.o wrap_mgr.c
2) Set permissions on the wrapper so it runs under your id:
    chmod 555 wrap_mgr.o
    chmod a+s wrap_mgr.o    (on some servers this works OK)
    chmod 4555 wrap_mgr.o   (on some servers this works also/instead)
3) Manager.cgi 3.1+ will detect the wrapper and use it automatically if it
   is properly placed in the same directory.
SOLARIS:
--------
You probably do not need a wrapper program, as modern Solaris kernels
have the code to allow for SUID bit to be properly set on your scripts
in case your web server does not automatically do that for you. From
your TELNET or SSH session, use the commands:
    chmod a+s agora.cgi      (from the main directory)
    chmod a+s manager.cgi    (from the ./protected directory)
That should enable scripts to run under the acct owner's id, provided
that those files are "properly owned" by the account owner. Also, this
assumes your http server allows SUID programs to be executed. If your
web server does not allow the execution of SUID programs, you can then
compile and install the wrappers.
FreeBSD and Other Unix or Unix-like OS:
---------------------------
Try to use the SUID bit on the script, or ask your system administrator
if the SUID bit works with scripts. If it does not or you prefer to use
the wrapper program, just follow the directions in the comments at the
top of each wrapper program. If that doesn't work consult your system
administrator or tech support dept. at your hosting company.
Manual wrapper compile directions for wrap_agc.c:
1) Compile this C program (use cc if you don't have gcc):
    gcc -o wrap_agc.o wrap_agc.c
2) Set permissions on the wrapper so it runs under your id:
    chmod 555 wrap_agc.o
    chmod a+s wrap_agc.o    (on some servers this works OK)
    chmod 4555 wrap_agc.o   (on some servers this works also/instead)
3) Agora.cgi 3.1+ will detect the wrapper and use it automatically if it
   is properly placed in the same directory.
Directions for wrap_mgr.c:
1) Compile this C program (use cc if you don't have gcc):
    gcc -o wrap_mgr.o wrap_mgr.c
2) Set permissions on the wrapper so it runs under your id:
    chmod 555 wrap_mgr.o
    chmod a+s wrap_mgr.o    (on some servers this works OK)
    chmod 4555 wrap_mgr.o   (on some servers this works also/instead)
3) Manager.cgi 3.1+ will detect the wrapper and use it automatically if it
   is properly placed in the same directory.