(Back to Info/Help Page)

Web Server Basics

Web hosting on VectorStar allows you to run your own web site. Our services allow you to use a number of scripting features not normally found on free hosting services.

To put up a web site, put your content in your public_html/ directory. You can upload content most easily via FTP. We will be offering SFTP/SCP soon.

Other files in your home directory are not accessible via the web. If you do not have a public_html/ directory, log in to our website and enable your web service.

Your webspace will be viewable at http://users.vectorstar.net/~yourname/. If you have configured a virtual domain, it will be viewable at http://yoursubdomain.vectorstar.net/.

Index files are the default files that will be displayed to a web surfer when they request a folder, rather than a specific file. Using index files in each directory of your website is generally considered a "good thing".

The following index files are recognized:
  • index.shtml
  • index.html
  • index.php
  • index.cgi
  • index.pl
To view traffic statistics or your website's current bandwidth usage, log in to this site and click on the links on the left hand side.
Last Updated 7-20-2006.

Bandwidth and Resource Limits

The following resource limits are imposed:
  • 5GB of traffic monthly (170MB per day) is allowed.
  • CGIs are limited to using 20 CPU seconds before being terminated
  • CGIs may use no more than 40mb RAM each
  • No more than 40 CGIs may be running system-wide at any given moment


You can check your website's bandwidth usage in real-time! Go to http://users.vectorstar.net/~username/usage .
Last Updated 7-20-2006.

Web Scripting on VectorStar

We allow users use of the following scripting methods:
  • PHP (version 5)
  • CGI (Most commonly perl)
  • Server-Side Includes (SSI)
We do not allow unconditional use of these methods, and restrict them as we see necessary. For example, we only allow use to a few shells, do not allow use of the perl Socket module, and do not allow any sort of mail delivery from a script.

** PHP and CGI scripting require specific file security settings. More information on this can be found below in the "CGI and PHP Security" section.
Last Updated 11-22-2005.

CGI and PHP security

Running CGI or PHP scripts on our servers require very specific file permissions. This document is intended to clarify what file settings are required for you to run a script. These security settings also aim to protect your scripts and data from other (potentially malicious) VectorStar users.

A quick introduction to process execution in UNIX:
The web server is a process which runs on a server. This process, like every process, runs with the permissions of a specific user of the system. Under normal conditions, any CGI which would get executed through the web server would also run with the permissions of this one specific user.

In multi-user environments (such as a web host), this creates major problems. Every user's scriptss have the same access and permissions as everyone else's. One user can write to and alter other users' script data files and things. Users also cannot have private data files, shielded from the rest of the users. In order to fix this problem, we have enabled a feature called suEXEC on the Apache web server. It allows CGIs (and now PHP too) to be run with the permissions of their owners (your account), thus resolving the problems above. For suEXEC to remain secure, it has some very strict rules about file permissions.
  • The user and group designated in your web server configuration must match the owning user and group of the script as well as its parent directory.
  • Both the script and its parent directory MUST NOT be world-writable.
  • Both the script and its parent directory MUST NOT be group-writable.
  • The script must not be setuid (if you don't know, don't worry).
  • The script must not execute a setuid interpreter.
So.... now that the issue has been completely beaten to death, here's how to leverage the power of suEXEC CGI execution to your advantage:
  • You will need an FTP client that supports either raw or SITE commands, or has a mechanism for setting the file permissions on an FTP server.
  • An understanding of the chmod command helps. It is the primary command used to make these file security settings.
  • Your script's parent directory (most often cgi-bin/)must be set to be readable and executable by all, and writable only by you:
    	SITE chmod 705 cgi-bin/
  • Set the file security of the script to make it executable, while writable only by you:
    	SITE chmod 705 filename
  • Set the file security of any data file the CGI uses to be non-executable and writable only by you:
    	SITE chmod 604 datafile
Your script should now execute properly and securely on VectorStar!
Last Updated 2-11-2003.

List your Website on our Users list

This is really easy! Log in to this website and go to your account features. In the Configuration field for your "web" service, enter your description. If you leave the Configuration field blank, you will not be added to the users list.
Last Updated 2-13-2005.