SuExec seems to be one way of running cgi as users other than www-data. Is this the only option? I'm curious what most do. SuExec isn't packaged so far as I can tell; is there any facility that might help ensure that a locally-built version is up to date? I'd hate to miss a security notification and leave a hole in the home system.