To do this, I’ve decided to use the Apache suexec option for all my scripts. I won’t go into specific details about the setup here, but present a pretty solution to an annoying problem that arises when using suexec and applying software updates for the Apache server.

If your web files are located in /var/www, you won’t need this. For security reasons, suexec is compiled with various configuration options that can’t be changed runtime – the “safe” location of scripts is one of them. If you – like me – have your web files located somewhere else, you’ll need to recompile suexec and re-install it every time you upgrade Apache. If you decide to get the entire source code tree for Apache, just for this, you’ll find yourself in a mess that could easily be avoided.

Here is my solution: Since the suexec source files themselves rarely change, I picked out exactly the files needed to compile the suexec binary and simplified the Makefile. This way, I’ve got a very small directory with the files required to build my suexec with my own configuration options, without messing with the rest of the Apache source code. As long as I remember to run make install after updating Apache, it’s all good.

First of all, you need to set up a directory for the suexec files:

Now make the changes you need to suexec.h and write a suitable Makefile:

You’ll need the apr-devel and httpd-devel packages for this to work. Remember that you need to indent with tabs in makefiles. Run make install to install:

If you’re running php-cgi and getting http error 500, your suexec probably needs to be re-installed. Remember to check the suexec logfile.