Apache's mod_php executes php scripts under the UID of the apache process itself (usually 'nobody'), which is a potential security problem. There are solutions for enabling suexec on php scripts, but they require all your scripts are in a ScriptAlias'ed directory of the VirtualHost and the first line of your php scripts is a shebang notation (#!/usr/bin/php). However, if you provide virtual hosting for your clients, it's not too good to ask them to edit their php scripts to conform with those rules. That's why I developed the following small C program acting as a PHP wrapper. Using this program will enable UID/GID setting on php scripts, while keeping them look like they are processed by mod_php. The original version has been slightly advanced by Simon "janus" Dassow to fix certain problems with scripts running outside the cgi-bin directory. Since I keep getting questions about the wrapper, I decided to post Simon's version here instead of the original one. Later I found that both the original script and the Simon's version had a memory allocation bug, which caused strange behaviour in some cases.
Some new features added in the version 1.3. Mostly that's per-user php configuration.
Here is the latest updated and advanced version of the wrapper:php_cgi-1.5.tar.gz - Version 1.5 (Wednesday, 18-Nov-2009 20:33:56 MSK)
And the previous version:php_cgi-1.3.tar.gz - Version 1.3 (Wednesday, 18-Nov-2009 20:33:56 MSK)
The installation manual is contained inside the source.
If you have any comments, please direct them to me at the following