The httpd-suexec package is part of the httpd source RPM. As part of the security model of suexec, a directory is hard coded into /usr/sbin/suexec (/var/www in Centos 4) that must be the root of all cgi-bin directories on the system. As an alternate, the UserDir (/home/*/public_html) may be enabled for CGI execution - but this is not done by default. As a web-hosting company, we prefer to move the default cgi-bin directory to /home/cgi-bin (and subdirectories) rather than /var/www. This permits us to keep all customer files on one filesystem (/home) and still use Webmin/Usermin/Virtualmin. This also makes it easier to enforce quota restrictions. This is the way we add virtual systems (using cilia as an example): mkdir /home/cgi-bin/cilia chmod 755 /home/cgi-bin/cilia chown cilia.cilia /home/cgi-bin/cilia ln -s /home/cilia/cgi-bin /home/cgi-bin/cilia This follows the security model described in http://httpd.apache.org/docs-2.0/suexec.html although I'm not sure why this restriction is necessary. You get some obscure error messages about "premature end of script headers" if you don't do this correctly. The real error is written to /var/log/httpd/suexec.log but takes a while to find. The change to make this is simple - two lines in the httpd.spec file ( could be one ): %define cgidir /home/cgi-bin <--- added line --with-suexec-docroot=%{cgidir} \ <--- changed line Is this worth doing in CentosPlus? It looks like you have to recompile all of httpd (Apache 2.x) even though you're only changing the one file in the sub package.