Uses setuid helpers which set the user directly to the user the CGI program
will run as instead of switching to root and then back to the target
user. The sysadmin can control which users can run CGI scripts by 
controlling the installed helper binaries.

Also reads a pair of text files to determine exactly what CGI scripts are
allowed to run for each user. 

In the apache config dir, create "apache-suid" with:
run:/home/*
run:/var/www/*

CGI programs located in other parts of the filesystem will be blocked.

In the user's $HOME directory, create ".apache-suid" with:
run:/home/user/www/*

Both files must exist and the CGI program to be run must match a "run:"
entry in BOTH files or the script will not be run.

The module will run the setuid helper at:
/usr/lib/apache2/suexecdir/user 
where "user" is the login name of the user to run as. For example, for
my login name "herrin":

cp suexec-user /usr/lib/apache2/suexecdir/herrin
chown herrin: /usr/lib/apache2/suexecdir/herrin
chmod 6511 /usr/lib/apache2/suexecdir/herrin




apache-suexecuser for Debian
-----------------

build with dpkg-buildpackage
<possible notes regarding this package - if none, delete this file>

cd c
cp generators/mod_cgi.h generators/mod_cgi.c .
mv mod_cgisuexecuser.c mod_cgisuexecuser.c.oldversion
cp mod_cgi.c mod_cgisuexecuser.c
patch -p0 < mod_cgisuexecuser.c.diff

 -- William Herrin <[email protected]>  Mon, 07 Jan 2013 11:15:38 -0500