In your test virtual host, add the following:
SuexecUserGroup stuart users
Replace “stuart” with the user who owns the website, and replace “users” with the group that the user belongs to. This sets the privileges that PHP will run as.
To ensure the security of your server, suexec is very particular about what conditions must be met before it will execute your PHP scripting engine. A full list of conditions can be found in the Apache docs. To make sense of the conditions, you’ll need to know what settings your copy of suexec has been compiled with. Run the command suexec -V to find out your system’s settings. This is the output from my Seed Linux LAMP Server system:
belal vhosts.d # suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/apache2/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_SUEXEC_UMASK=077
 -D AP_UID_MIN=1000
 -D AP_USERDIR_SUFFIX="public_html"
The first condition (and one that isn’t obvious from the Apache manual!) is that the PHP CGI executable must be installed under AP_DOC_ROOT. Chances are that it isn’t installed there at the moment, so go ahead and copy it there.
mkdir /var/www/localhost/cgi-bin
cp /usr/bin/php-cgi /var/www/localhost/cgi-bin
The second condition is that the PHP CGI executable must be owned by the same user and group you listed in the SuexecUserGroup statement earlier. This causes problems for shared hosting; I’ll show you how to fix that later in this article.
chown stuart:users /var/www/localhost/cgi-bin/php-cgi
Update your Apache httpd.conf file to use this copy of PHP:
ScriptAlias /php5-cgi /var/www/localhost/cgi-bin/php-cgi
Restart Apache, and test to make sure that PHP 5 is still working. You should also start to see log messages appearing in AP_LOG_EXEC. This is the first place to look if PHP isn’t working (although the log messages can be a little terse and cryptic).
For reference, here is the Apache config from my test system:
# Map the /php5-cgi URL to the copy of php-cgi under AP_DOC_ROOT
ScriptAlias /php5-cgi /var/www/localhost/cgi-bin/php-cgi
Action php5-cgi /php5-cgi
AddHandler php5-cgi .php
DirectoryIndex index.php index.phtml

<VirtualHost *:80>
    DocumentRoot /var/www/localhost/htdocs
    <Directory /var/www/localhost/htdocs>
        Options Indexes FollowSymLinks ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    # User and group that suexec switches to before running PHP
    SuexecUserGroup stuart users
    AddHandler php5-cgi .php
</VirtualHost>
Configuring suexec For Shared Servers
I mentioned earlier that there was a problem with using suexec + PHP/CGI on shared servers - the very environment where suexec is needed the most.
In one of the steps above, we created a copy of the PHP CGI executable, and changed its ownership on disk to match the ownership of the website.
chown stuart:users /var/www/localhost/cgi-bin/php-cgi
What happens when we have two websites, each owned by a different user? Or five, or ten, or hundreds? Apache’s suexec will refuse to re-use this copy of the PHP CGI executable for each of the websites, because it isn’t owned by the right user and group.
Each website needs its own copy of the PHP CGI executable, owned by the user and group that owns the website itself. We don’t want to create hundreds of copies of the actual PHP CGI executable (it’s a large waste of space, and a pain for managing PHP upgrades), so instead we can point each website at its own copy of a simple bash script:
#!/bin/bash
/usr/bin/php-cgi "$@"
This script simply executes our central copy of the PHP CGI executable, passing through whatever parameters Apache has called the bash script with.
To configure Apache to use this script, simply move the ScriptAlias statement from outside the VirtualHost config to inside.
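Before pointing a virtual host's ScriptAlias at its per-site wrapper, it is worth checking the wrapper against the suexec conditions discussed above, since a failure otherwise only shows up as a terse line in AP_LOG_EXEC. The following is an added example, not code from this article or from Apache: the function name check_suexec_target is hypothetical, GNU stat is assumed, the defaults are the suexec -V values shown earlier, and only a subset of suexec's conditions is checked.

```shell
#!/bin/bash
# Added example (not from the article): pre-flight check of a suexec target,
# i.e. a per-site wrapper script or php-cgi copy. Covers a subset of suexec's rules.
# Defaults are the `suexec -V` values shown above; override them to match your build.
DOC_ROOT="${DOC_ROOT:-/var/www}"
UID_MIN="${UID_MIN:-1000}"
GID_MIN="${GID_MIN:-100}"

# check_suexec_target PATH UID GID   (numeric ids, e.g. "$(id -u stuart)")
# Prints the first failed condition and returns 1; prints "ok" and returns 0 otherwise.
check_suexec_target() {
    local target="$1" want_uid="$2" want_gid="$3" dir root f
    if [ ! -f "$target" ] || [ -L "$target" ]; then
        echo "not a regular file: $target"; return 1
    fi
    dir=$(cd "$(dirname "$target")" && pwd -P)    # resolve symlinks in the path
    root=$(cd "$DOC_ROOT" 2>/dev/null && pwd -P) ||
        { echo "AP_DOC_ROOT $DOC_ROOT not found"; return 1; }
    case "$dir/" in
        "$root"/*) ;;
        *) echo "$dir is not under AP_DOC_ROOT ($root)"; return 1 ;;
    esac
    [ "$want_uid" -ge "$UID_MIN" ] || { echo "uid $want_uid is below AP_UID_MIN"; return 1; }
    [ "$want_gid" -ge "$GID_MIN" ] || { echo "gid $want_gid is below AP_GID_MIN"; return 1; }
    for f in "$dir" "$target"; do
        # GNU stat assumed: %u = owner uid, %g = group gid, %a = octal mode
        [ "$(stat -c %u:%g "$f")" = "$want_uid:$want_gid" ] ||
            { echo "$f is not owned by $want_uid:$want_gid"; return 1; }
        [ $(( 0$(stat -c %a "$f") & 022 )) -eq 0 ] ||
            { echo "$f is writable by group or other"; return 1; }
    done
    [ $(( 0$(stat -c %a "$target") & 06000 )) -eq 0 ] ||
        { echo "$target is setuid or setgid"; return 1; }
    [ $(( 0$(stat -c %a "$target") & 0100 )) -ne 0 ] ||
        { echo "$target is not executable by its owner"; return 1; }
    echo "ok: $target"
}
```

Call it once per site, for example check_suexec_target /var/www/localhost/cgi-bin/php-cgi "$(id -u stuart)" "$(id -g stuart)", and fix whatever it reports before restarting Apache.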


