The original Linksys firmware contained a modified version of thttpd. The Linksys version maps all Samba shares into subfolders with HTTP authentication identical to Samba authentication. There is no evidence of a cgi program to do this or even the capability to define a program to do it so I am assuming it is hardcoded into Thttpd. Attempting to update Thttpd to a newer version breaks shared folder access.
The package is a bit different too:
The html file location is set by the init.d script as follows:
The thttpd pages at acme.com suggest a more elaborate way of starting thttpd, firstly they give a wrapper script:
The script causes thttpd to get its configuration from a file. It also forces Thttpd to run in the foreground so that the script halts until or unless thttpd terminates.
Config file from acme.com:
Note that you probably shouldn't use all these options, under the Debian model "start-stop-daemon" can create the pidfile (process id), also running perl programs under chroot is extremely difficult and probably not worth the extra effort unless you're serving to the internet.
If your perl scripts often end in .pl the cgipat could be **.cgi|**.pl or alternately you might create a cgi-bin directory and use /cgi-bin/* to have every executable in that directory treated as cgi.
Thttpd is picky about permissions, in particular it will only return a file if it is set "world readable". This avoids the silly situation where an html file can be viewed from the internet but not by a logged in user, also it prevents private files being made visible accidentally and allows some logfiles and config files to be located in the www directory without compromising security.
An actual configuration
I'm going to set the directory to /var/www to match my previous cherokee configuration. The cgi-bin folder will be moved from /usr/lib to /var/www. Some permissions will need fixing. For security's sake some permissions should be "broken" e.g. the admin scripts should have their world permissions cleared.
The two start lines in /etc/init.d/thttpd have been patched to set the directory, the cgi pattern and set the user to www-data.