The web server returns the error "Internal Server Error" when it "failed to setgid"

Symptoms

The web server returns an "Internal Server Error" error, while the web server log shows that the PHP script terminates before any headers are sent.

The "suexec" log shows "failed to setgid" errors.

Causes

The problem has to do with the "suexec" utility and its lack of ability to use the SUID (Set User ID) bit. Suexec (from "Set User ID Execute") is a web server mechanism that allows CGI scripts to be executed on behalf of a specific user, rather than a generic system user such as "www-data" or "apache".

It is important to remember that misuse of these bits can cause serious system security vulnerabilities. You should always strictly monitor and restrict access to the relevant files by "setuid/setgid" privilege holders and regularly check the system’s security level.

Solution

Set the "cap_setuid" and "cap_setgid" attributes for the "/usr/sbin/suexec" executable using "setcap".

Execute the command:

setcap 'cap_setuid,cap_setgid+pe' /usr/sbin/suexec

After executing this command, restart Apache:

For Debian and Ubuntu

systemctl restart apache

For CentOS, AlmaLinux, RockyLinux, and CloudLinux

systemctl restart httpd

NOTE!

It is best to make a backup of the original executable file to restore the standard suexec operation in case of any problems.