Introduction:
Whenever PHP runs as an Apache Module it get executes as “user/group” of the web server which is usually “nobody” or “apache”. SuExec is a mechanism supplied with Apache which allows executing CGI scripts as the user to which they belongs to, rather than Apache’s user. This improves security in possibilities where multiple mutually distrusting users can put CGI content on the server and these scripts are executed as the user that created them. If user “admin” uploaded a PHP OR CGI script, you would see it was “admin” running the script when looking at the running processes on your server? This also provides an additional layer of security where script permissions can’t be set to 777 (read/write/execute at user/group/world level).
Milind Koyande is the Senior Research Engineer and his job is to work with new technologies, specially Cloud Computing / Virtualization Technology. His past projects include Government Sector initiatives, Backup and Disaster Recovery Solutions. Follow him on 
