I use $_SERVER['PHP_AUTH_USER'] in PHP to query the database for allowed users into the admin area of several client websites. This works fine in the test environment (just Ubuntu), but not in Virtualmin. It seems as though 'PHP_AUTH_USER' is not being passed into the environment, even though phpinfo() shows that safe_mode is off.
Well, “Virtualmin” isn’t compromised – it just means that all the websites on your server will be running as one user, the user Apache runs as – rather than the individual Virtual Server owners.
You’d have to weigh the security implications and how they affect your server yourself – it depends on how important your data is, whether you have untrusted users or scripts, and so forth.
For a multi-user server with people who can upload untrusted scripts, I personally would not switch away from suexec.
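
Added example, not part of the thread: one way to read the Basic auth user while staying on suexec/FastCGI, falling back to the raw Authorization header when PHP_AUTH_USER is absent. It assumes the web server forwards that header to the script (for Apache, for example, `CGIPassAuth On`), that PHP itself verifies the password, and that the table `admin_users` with columns `username` and `password_hash` exists; those names are hypothetical.

```php
<?php
declare(strict_types=1);

// Returns [user, password] from HTTP Basic auth, or null if none was sent.
// Assumption: under CGI/FastCGI the server is configured to forward the
// Authorization header, which is withheld from CGI environments by default.
function basic_auth_credentials(array $server): ?array
{
    // mod_php fills these in directly.
    if (isset($server['PHP_AUTH_USER'])) {
        return [(string) $server['PHP_AUTH_USER'], (string) ($server['PHP_AUTH_PW'] ?? '')];
    }
    // CGI/FastCGI: decode the header ourselves; REDIRECT_ covers internal rewrites.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        $header = trim((string) ($server[$key] ?? ''));
        if (!preg_match('~^Basic\s+([A-Za-z0-9+/]+={0,2})$~i', $header, $m)) {
            continue;
        }
        $decoded = base64_decode($m[1], true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            continue; // malformed credentials are treated as "not sent"
        }
        return explode(':', $decoded, 2); // the password may itself contain ':'
    }
    return null;
}

// Hypothetical allow-list check: table and column names are placeholders.
// Returns the admin's username, or null when the request must be rejected.
function authenticated_admin(PDO $db, array $server): ?string
{
    $creds = basic_auth_credentials($server);
    if ($creds === null) {
        return null;
    }
    [$user, $password] = $creds;
    // Bound parameter: the client-supplied user name never reaches the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM admin_users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // Assumption: hashes were created with password_hash().
    return ($hash !== false && password_verify($password, (string) $hash)) ? $user : null;
}

// Constructed sample environments: mod_php style and FastCGI style.
$modPhp = ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 's3cret'];
$fcgi   = ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:s3cret')];
var_dump(basic_auth_credentials($modPhp) === basic_auth_credentials($fcgi));
```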