Re: enabling suexec with debian apache [solved]
> If there is an exploitable cgi, then there is web access to all of the
> owning user's files. If it is not run via the suEXEC mechanism, then the
> permissions are that of www-data, which are close to nothing.
except that suexec effectively chroot's the the virtuals document root
... so all of the users mail etc files in their home directory should be
> If suEXEC is enabled, then a lot more requirements need to be met for
> running a cgi. This usually leads to a lot of users complaining about
> this and that is not working and why, when it runs on another similar
the eternal trade off between security and convenience. it's your choice.