suEXEC is a feature in
Apache versions 1.2 and higher. It allows
scripts to be run as a user and group other than the user that the web server is running on. Thereby allowing a
webmaster to allow his users script execution
permissions without having to worry that they will break something.
The tool itself is fairly difficult to install. This is by design, or so the manual says. When compiling it you have to make sure that you pass it parameters since Apache wants you to understand what you are about to do.
When finally running suEXEC you are bound to run into problems with certain scripts, especially in the beginning. There are about 20 questions that Apache asks itself before it will run a scripts using suEXEC. Is the script group writable? Is the script owned by root? If any of these questions are true then the script won’t run and you’ll get a cryptic error in the logs.
Besides it’s difficult installation and paranoid security measures it really is a fantastic feature of Apache.