The Web @ Courant
Setting up a web page
- Web Hosting Policy
- Secure Computing Policy
- Digital Accessibility Requirements
- Creating a web directory
- PHP programming
- CGI programming
- Restricting Access
- Being included on a list
- Listing directory contents
- Composing a Webpage in Linux
- Composing a Webpage in Windows
- Advanced WebHosting
Web Hosting Policy
All users are responsible for the content of their site. If a user allows community-based content to be posted, the person running the site is responsible for monitoring ALL data and securing their site (this includes any upload scripts, wikis, blogs, bulletin boards, etc.). We recommend that all uploaded content be posted only after review and that submission of data be restricted to valid users. If inappropriate material is found or reported on your site, any users who are responsible for this account are subject to disciplinary action, including losing web privileges.
Secure Computing Policy
Any web based script that allows posting of data and then utilizes this data in some form has a potential for a security violation. Please be completely aware of the security implications before allowing this. Some things to consider when allowing posting of data: SQL or parsing injection, spam, malicious/inappropriate content, and account/data compromises. Many of these may even have legal implications and should be considered appropriately.
Digital Accessibility Requirements
All web content on NYU sites must comply with digital accessibility rules, which apply to HTML, CSS, images, and any PDFs or other documents posted online. Automated scanning tools are used to ensure web content is accessible. Learn more about digital accessibility requirements here.
Setting up a homepage at Courant
Creating a web directory
You can set up a web page by simply placing it under the directory /web/$USER (where $USER is your CIMS username). If you have access to another document hierarchy, such as a research group or administrative page, the same instructions apply except for the directory path.
All filesystems are mounted on all the webservers and the webservers are configured to treat a user's /web directory as if it were part of the document hierarchy. Note that HTML files outside your /web hierarchy will not be accessible via the web server.
The minimum permissions of your /web directory should be as follows:
chmod 711 /web/$USER
chmod 644 /web/$USER/index.html
PHP programming
Warning: Any scripts that use variables passed to them have potential for security exploits. Please be aware of the security implications and realize that web based scripts run as your user and can compromise your account. This is especially so with non-restricted upload scripts!
Courant supports PHP scripting in your /web directory. Any file that ends with .php will be interpreted as a PHP script file. Please see PHP's official page for further documentation.
Error reporting is disabled by default, for security reasons, but can be enabled with the following lines:
ini_set('display_errors', true);
ini_set('display_startup_errors', true);
error_reporting(E_ALL);
This will only report programming errors, not syntax errors. To detect syntax errors, run php filename.php on any Linux server.
CGI programming
Warning: Any scripts that use variables passed to them have potential for security exploits. Please be aware of the security implications and realize that web based scripts run as your user and can compromise your account. This is especially so with non-restricted upload scripts!
Cgi-bin access is provided via Apache's suexec, which checks CGI scripts for possible security holes. Note that cgi-bin access used to also be provided by cgiwrap but that is no longer supported.
Place your scripts in /web/$USER/cgi-bin/ (subdirectories are allowed). If the directory doesn't exist, create it by running:
mkdir /web/$USER/cgi-bin
Also, to make this work, you need to have a symlink in your home directory called public_html that points to your web directory. For most users, this is created at the time your CIMS account is created, but if you have an older account or at some point deleted the public_html symlink, run:
cd ~
ln -s /web/$USER public_html
Set the permissions for your cgi-bin directory and scripts as follows (making scripts world writable will disable the script due to security implications):
chmod 711 /web/$USER/cgi-bin
chmod 755 /web/$USER/cgi-bin/sample-script.cgi
The URL for a CGI program using suexec is:
http://server/~username/cgi-bin/sample-script.cgi
Here is a sample-script.cgi file for an example (copy the content and paste into sample-script.cgi in your cgi-bin directory):
#!/usr/local/bin/perl -wT
print "Content-type: text/html\n\n";
print "<html><head><title>Hello World</title></head>\n";
print "<body>\n";
print "<h2>Hello, world!</h2>\n";
print "</body></html>\n";
Restricting Access
Restricting access can be based on NYU NetIDs, CIMS usernames, domains, etc. This can be done by adding the appropriate directives to an .htaccess file in the directory to be restricted.
Being included on a list
To have a link to your homepage included on one of the web pages maintained by the Institute, please follow the instructions on that page or contact the site webmaster (webmaster@cims.nyu.edu, webmaster@cs.nyu.edu, webmaster@math.nyu.edu).
Listing Directory Contents
The listing of directory contents for directories without an index.html is not generally enabled. It is, however, enabled for all public_html directories as well as some others. For the contents of a directory to be listed, the permissions on that directory have to be somewhat different from those of directories containing an index.html. The correct permissions are:
chmod 755 /web/$USER/somedirectory
It is best to enable this for chosen subdirectories under your /web directory to avoid inadvertently listing the contents of your /web directory.
In addition, you may have to add a .htaccess file to the directory, consisting of the following:
Options +Indexes
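The permission rules from the CGI and directory-listing sections above can be checked mechanically. The script below is an added example, not part of Courant's documentation or tooling; the function name audit_web and the sample tree are constructed for illustration, and in practice you would point the function at /web/$USER.

```shell
#!/bin/sh
# Added example (not Courant's tooling). audit_web DIR prints one finding per
# line for permissions that conflict with the settings recommended above.
audit_web() {
    root=$1
    # suexec will not run a CGI script that is writable by group or others,
    # nor one that sits in a directory writable by group or others.
    if [ -d "$root/cgi-bin" ]; then
        find "$root/cgi-bin" \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 \) -exec echo "WRITABLE" {} \;
    fi
    # World-writable files elsewhere can be modified by any other account.
    find "$root" -path "$root/cgi-bin" -prune -o \
        -type f -perm -002 -exec echo "WRITABLE" {} \;
    # A directory readable by others (e.g. 755) with no index.html can be
    # listed when Options +Indexes is in effect; a 711 directory cannot.
    find "$root" -type d -perm -004 | while IFS= read -r dir; do
        [ -e "$dir/index.html" ] || echo "LISTABLE $dir"
    done
}

# Constructed sample tree (a stand-in for /web/$USER) so this runs anywhere.
demo=$(mktemp -d)
mkdir -p "$demo/cgi-bin" "$demo/papers" "$demo/private"
touch "$demo/index.html" "$demo/cgi-bin/ok.cgi" "$demo/cgi-bin/bad.cgi"
chmod 711 "$demo" "$demo/cgi-bin" "$demo/private"
chmod 755 "$demo/papers" "$demo/cgi-bin/ok.cgi"
chmod 644 "$demo/index.html"
chmod 777 "$demo/cgi-bin/bad.cgi"   # deliberately wrong: suexec rejects this
audit_web "$demo"
rm -rf "$demo"
```

A LISTABLE finding is expected for any subdirectory you intentionally set to 755 for listing; anything else on the list is worth a second look.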
Composing a Webpage in Linux
- Set the minimal permissions of the /web directory by executing the command chmod 711 /web/$USER.
- To create an .html file, open a Mozilla SeaMonkey browser. Under the Window tab, select Composer. A blank page will be shown and it is here that you will design your webpage. When satisfied, save the .html file to the /web/$USER folder. In order for your webpage to be viewable by other users, you will need to change the permissions of the file you just created. Open a Terminal and execute the command chmod 644 /web/$USER/YOUR_HTML_FILE.
Your page should be accessible by entering the URL http://SERVER/~USER_NAME/YOUR_HTML_FILE.html where SERVER is one of cims.nyu.edu, cs.nyu.edu, i6.cims.nyu.edu; USER_NAME is your account login; and YOUR_HTML_FILE is the .html file you just created.
Note: Any files that are implemented in your .html files (i.e. image files, etc.) must be stored in your /web folder and have their permissions set using the chmod 644 command listed above.
Composing a Webpage in Windows
- To create an .html file, open a SeaMonkey browser. Under the Window tab, select Composer. A blank page will be shown and it is here that you design your webpage. When satisfied, save the .html file to the \\fs-u2.cims.nyu.edu\username folder.
- In order for your webpage (.html file) to be viewable by other users, you will need to change the permissions of the file you just created. To do so, open your \\fs-u2.cims.nyu.edu\username folder and do the following:
  - Right-click the .html file and select Properties.
  - Click the Security tab.
  - Click Everyone. Check the "Read and Execute" and "Read" boxes.
  - Now click your user name. Check the "Full Control" box. Then click Apply.
Your page should be accessible by entering the URL http://SERVER/~USER_NAME/YOUR_HTML_FILE.html where SERVER is one of cims.nyu.edu, cs.nyu.edu, i6.cims.nyu.edu; USER_NAME is your account login; and YOUR_HTML_FILE is the .html file you just created.
Note: Any files that are implemented in your .html files (i.e. image files, etc.) must be stored in your public_html folder and have their permissions set per the instruction above for .html files.
Note: If you are using an IDE for composing web pages, such as Dreamweaver, and you are uploading your pages through Dreamweaver, you will need to update the permissions of the files once they get on our servers. Otherwise you could run the following command:
setfacl -r -m \
default:user::rwx,default:group::---,default:other:r-x public_html
This will set the default ACL and ignore umask settings in your public_html directory hierarchy.
Creating a MySQL Database
Warning: If allowing web-based content to a MySQL database, always be aware of the SQL Injection exploits that are possible.
Please see here for documentation on Courant's database service.
If you are running an individual database for a class on courses2 or courses3, see instructions here for setting it up. If you would like to migrate from a courses1 database to the new hosted system, please see this page.