On one of my apache I use suexec to run some tasks – some weeks before I configure all it and all stuff works well, but some days later when I try to run my cgi-perl script I found I have “500 Internal error”. I change nothing in apache config or in my scripts – I just install fresh updates for ubuntu. In apache’s error log I’ve got :

[Wed Jul 29 08:15:28 2009] [error] (13)Permission denied: exec of ‘/usr/lib/apache2/suexec’ failed
[Wed Jul 29 08:15:28 2009] [error] [client my_ip] Premature end of script headers: script.pl

It’s strange, but anyway it doesn’t works. I spent some time trying to fix it ( some guys recommend to rebuilt suexec – but it’s not a simplest way to fix this problem ) – in my case it was fixed by changing owner of my suexec. I check out current properties :
ls -la /usr/lib/apache2/suexec
-rwsr-xr– 1 root www-data 18872 2009-07-10 18:40 /usr/lib/apache2/suexec
and change them :

chown root:root /usr/lib/apache2/suexec
chmod 4755 /usr/lib/apache2/suexec

And don’t forget to restart :

/etc/init.d/apache2 restart

ps. by the way suexec’s id’s are :

#id www-user
uid=1000(www-user) gid=109(www-group) groups=109(www-group)


  1. Chris says:

    This tip is still valid for Debian squeeze and the apache2-suexec-custom 2.2.16-6+squeeze4 package. After installation, /usr/lib/apache2/suexec is owned by root:www-data and not executable for other users. chmodding and chowning according to your entry fixed it.


  2. J.P. Tosoni says:

    I had this same 500 error with suexec on Wheezy. Your post helped me to find out the reason:

    suexec should have the same user/group as apache, which is defined in /etc/apache2/envvars

    (however this is not explained in the suexec doc)

    My Apache’s group was set to the one of a regular user. After adjusting either envvars or the suexec group to match, the error was gone. So I guess your Apache group is root…

    Thanks for pointing to the correct direction.


Leave a Reply