suexec is used by the Apache HTTP Server to switch to another user before executing CGI programs. In order to achieve this, it must run as root. Since the HTTP daemon normally doesn't run as root, the suexec executable needs the setuid bit set and must be owned by root. It should never be writable for any other person than root.
For further information about the concepts and the security model of suexec please refer to the suexec documentation (http://httpd.apache.org/docs/2.4/suexec.html).
suexec -V
-Vroot, this option displays the compile options of suexec. For security reasons all configuration options are changeable only at compile time.
© 2016 The Apache Software Foundation
Licensed under the Apache License, Version 2.0.
https://httpd.apache.org/docs/2.4/en/programs/suexec.html