So after gearing up to do some changing to my security stuff, i was looking in on suexec. Suexec is great, it runs all processes launched from apache as the person that actually owns them and does a lot of checking to make sure things are what they are meant to be.

The only down side is, its default options are compiled in and cannot be changed. So on Debian this obviously presents a challenge. Never fear! We can rebuild it!!.
Starting off,

cd /usr/src
apt-get build-dep apache2.2-common
apt-get source apache2.2-common

Wait patiently for stuff to download and unzip and then head into the directory it just created. Should be something like this

cd apache2-2.2.3/

Now you want to edit the debian build rules so that it changes the suexec stuff

vi debian/rules

Just near the top there is
AP2_COMMON_CONFARGS

And you will notice that it has a lot of references to suexec.
Just change the options to what you want. In my case i want to change the docroot to be /home/hosting
so mine looks like
--with-suexec-docroot=/home/hosting \

Now to stop apache getting overwritten with the same version next time you update, we need to increment the build number.
dch -i
(Note: if you don’t have this command you need to install devscripts )
edit the build notes at the top to say what you changed, and then exit.

then simply build the package
dpkg-buildpackage
if you now goto the /usr/src directory you will have all the .deb files that you need to install
dpkg -i the ones you need such as apache2.2-common etc, and then run apt-get -f install to install any extra dependencies and your done.