PHPSuExec
PHPSuExec does for PHP Scripts what SuExec does for Perl files.
PHPSuExec makes files run under a specific user account, as opposed to the Apache user account (generally nobody). This is a great help, as we know that when we create any files/folders through any PHP script, it is created with apache (nobody) as the owner. With PHPSuExec, these files are properly owned by the user under which they are created. This allows us to better monitor the resource usage of accounts.
The security hole of PHP.
On most Apache servers, PHP runs as an Apache Module. As such, it runs directly in the user Nobody, but doesn’t require the execute flag.
This means that in order to execute a PHP file, it simply needs to be world readable.
The problem is that this allows every other users on the server to read your PHP files !
Allowing other users to read your HTML files is not a problem, since they can be displayed in Internet Explorer. However, PHP files are not readable, they are parsed.
Many scripts use a PHP file to store a database username and password. This means that on another server every client could read your PHP files, retrieve your password and access your databases.
PHPsuexec will refuse to execute a script if it is world-writtable to protect you from someone abusing one of your scripts.
