The suEXEC feature consists of a module for the web server and a binary executable which acts as a wrapper.

If a client requests a CGI and suEXEC is activated, it will call the suEXEC binary which then wraps the CGI scripts and executes it under the user account of the server process (virtual host) defined in the virtual host directive.

[1] Additionally, suEXEC perform a multi-step check on the executed CGI to ensure security for the server (including path-checks, a limit of permitted commands, etc.

)[2] User "Alice" has a website including some Common Gateway Interface script files in her own public_html (a common web root directory name) folder, which can be accessed by https://example.com/~alice.

User "Bob" now views Alice's webpage, which requires Apache to run one of these CGI scripts.