Hi, I host many sites on my server, and have found suEXEC to be a great benefit for both security and keeping everything tidy. The one problem I have always had with it is that it cannot work with a shared script. So I couldn't provide my virtual hosts with a common page counter script.
This caused me quite a headache over the years, it was either I used suexec for a virtual host and copied the shared scripts to that hosts directory, or didn't use suexec at all and run the risk of users executing insecure scripts. I finally resolved to modify suexec to include a shared directory root (that still must be in the document root) along with a valid shared user/group. suexec now bypasses some of the checks for scripts in that directory and allows scripts to run from that directory if they are owned by the designated user/group. I have included my modified suexec for your review and comments. Thank You, Magdi Ahmed
suexec.c
Description: Binary data
suexec.h
Description: Binary data
