Ok heres the deal,

Once you run php as cgi and have phpsuexec enabled. All ifmodule php4 tags in your httpdconf file are ignored or not working anymore since php runs as cgi.

The thing is using this way, every one will run as username/groupname instead of nobody and more easy to track down spammers etc

BUT heres where I dont get it.

Only way you cna turn off safe mode is by adding a tag to httpdconf file for each site but remember now it runs as cgi so all php tags in httpd conf dont work anymore.

You have to put php.ini file with settings you want in each users root.

I was thinking it was all okay as long as root can only make the php.ini work.. guess wrong.

A user can just make a php.ini and put his settings in e.g openbase dir protection to nothing, safemode off etc etc.

I hope I explained it correctly.. How to stop such a mess?? Possible to only allow php.ini rules to be read if file is under root owner instead of user owner??

I can just image users doing what php configs they want by using the php.ini in their userroot and ignoreing your main server php.ini file.