The server configured in /etc/apache2 is a stock Debian server, but the suexec wrapper has been altered. It uses the worker MPM, so won't work with mod_php as-is.
mod_suexec
The suexec wrapper at /usr/lib/apache2/suexec2 has been recompiled, so that the DOCROOT option is /home (rather than the default /var/www). This means that all the users with custom domains can still use mod_suexec. If we hadn't done this, only scripts called via mod_userdir would work - in practice, this means that they would have to use the subdomains like http://bill.uwcs.co.uk/. (We could also possibly do it by using mod_rewrite to change them to call mod_userdir internally - it gives me a headache just thinking about it.)
You can confirm this by running sudo /usr/lib/apache2/suexec2 -V.
There are 20 conditions that must be fulfilled before suexec will execute a script. If a script is not running, check /var/log/apache2/suexec.log to find out why.
mod_userdir
mod_userdir does not support changing the URI via which it is called - it is hardcoded to use tildes, (as in http://uwcs.co.uk/~bill). We used mod_rewrite to enable us to use subdomains (as in http://bill.uwcs.co.uk/) - it is better for cookie security.
Bear in mind that merely using mod_alias rules to serve the subdomains from /home/*/public_html/ was not sufficient, because then the suexec wrapper would not get called.
mod_suphp
suphp is like suexec, but for PHP programs. It exists so that people don't have to put #! lines at the top of their scripts.
Custom php.ini files
People wishing to use custom php.ini files (e.g. for large file uploads) must either:
Place this php.ini in the same directory as the PHP script being executed, or
Have a suPHP_ConfigPath line placed in their VirtualHost by an admin.
mod_php
We don't use mod_php in general, because:
it won't work with suexec or suphp, so code will run as the www-data user, and be able to overwrite Apache log files.
- it is not threadsafe, so won't play nicely with the worker MPM.
However, it is theoretically possible to run mod_php concurrently with mod_suphp, and enable it solely for CompSoc VirtualHosts. We would need to switch to the prefork MPM to do this.
mod_fcgid
We don't use mod_php, for security reasons (i.e., it won't work with suexec or suphp). An alternative is to use FastCGI.
There is an Apache module called mod_fastcgi - this is both non-free, and unmaintained. For users of Apache2, it's better to use mod_fcgid.