I couldn’t publish anything yesterday because upgrading Apache (to deal with some security issue) blew up suexec and I couldn’t get it to work again. suexec is an Apache module that you can use to tell the Web server to run its CGI scripts as a user other than the user who owns the Apache process. The idea is that if I own some files on the server but I want to let Apache write to them, rather than using file permissions, I can just configure suexec to run CGI scripts as me, so that then they can write to my files.
Unfortunately, this approach is rife with potential security problems. If suexec were not extremely picky, it would provide a very simple means for people to compromise servers. The bottom line is that for suexec to actually work, about 12 things have to be set up correctly, and about 6 of those things have to be baked into Apache at compile time. I got it to work once, but I wasn’t as lucky the second time.
After wrangling with it off and on for a day, I gave up and just assigned the files in my document root to the
www group and then allowed group write access to them. I’m the only user on this server anyway.