I'm just looking for some general advice regarding 'best practices' for Python CGI scripts. I have a working script that I can run successfully by pointing my web browser to a specific web page. The script is located in /usr/lib/cgi-bin, and I am assuming the default permissions for this directory are such that only root has write permissions.

Once the script is placed in this directory and executed, it needs to write and read a text file (used as a simple database). My question is - assuming the user 'nobody' is running the script, where should I save this text file? 'cgi-bin' is out of the question, and I can't trust /tmp/ for long-term storage, so what is normally done here? Is it a huge mistake to change the permissions on 'cgi-bin' so the user 'nobody' can write there?
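One way to handle the storage described in the question, as an added example that is not part of the original post: keep the file in a dedicated directory outside cgi-bin that the script's user owns, check that directory before each write, and lock the file around every access. The function names and the `records.txt` file name are assumptions made for illustration; the data directory itself is whatever path the administrator creates for the script's user.

```python
import fcntl
import os
import stat

CGI_BIN = "/usr/lib/cgi-bin"  # script directory named in the post


def check_data_dir(path, cgi_bin=CGI_BIN):
    """Return a list of problems with using `path` as the data directory."""
    problems = []
    real = os.path.realpath(path)          # resolve symlinks before comparing
    cgi_real = os.path.realpath(cgi_bin)
    if real == cgi_real or real.startswith(cgi_real + os.sep):
        problems.append("inside cgi-bin: a writable script directory mixes data with code")
    st = os.stat(real)
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable: any local user can replace the data file")
    if st.st_uid != os.geteuid():
        problems.append("not owned by the user running the script")
    return problems


def append_record(data_dir, line, name="records.txt"):
    """Append one line to the data file under an exclusive lock."""
    problems = check_data_dir(data_dir)
    if problems:
        raise PermissionError("; ".join(problems))
    if "\n" in line or "\r" in line:
        raise ValueError("record must be a single line")
    # O_NOFOLLOW refuses a symlink planted at the file name; 0o600 keeps it private.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(os.path.join(data_dir, name), flags, 0o600)
    with os.fdopen(fd, "a") as f:
        fcntl.flock(f, fcntl.LOCK_EX)      # concurrent CGI requests wait here
        f.write(line + "\n")               # lock is released when the file closes


def read_records(data_dir, name="records.txt"):
    """Read all records under a shared lock so a half-written line is never seen."""
    with open(os.path.join(data_dir, name)) as f:
        fcntl.flock(f, fcntl.LOCK_SH)
        return f.read().splitlines()
```

The ownership check compares against the effective user of the running process, so the directory has to be created for and owned by the account the web server runs CGI scripts as.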