> It is the way it is supposed to be.

is there something in the docs i missed explaining that this is what needs to be done? it took me a very frustrating hour to figure this out. if not it should be submitted as a documentation bug, right?

> With suEXEC enabled, cgi-s run setuid-ed, which is always a risky thing,
> so it should be done on the administrator's explicit statement, hence
> the need for enabling suEXEC manually.

well, they run suid'd to the user which is a whole lot less risky than having them run as the user that the web server runs as. i agree that having another suid root binary is always a bad thing but suexec is kinda pointless without it, and it's a major security boon.

adam.