[PLUG] Outside the document root problem.

[michael]

I have proprietary programs under /opt/apex/bin, configuration files 
under /opt/apex/etc.

I have a web server running under /var/www.

The web server runs php scripts that need to read the config files under 
/opt/apex/etc and
the php scripts need to exec some of the binaries in /opt/apex/bin.

I know there are ways to access configuration files and programs from 
Apache outside the document
root, but how best to set that up?  I'm thinking of creating a group 
that Apache will have as a
secondary group and setting that group on the binaries.  For giggles, 
let's call that
supplementary group experiment1.  So how can Apache run binaries that 
are set up as group
experiment1?  I'm thinking the binaries will be like so:
...
rwxr-x--- pi experiment1 6269 Jan 24 17:25 /opt/apex/bin/udp_client
...

An Apache script running under user www-data group www-data will
have the following in it:
...
shell_exec("/opt/apex/bin/udp_client $localIP $controllerPort \"/MoveI 
$x,$y\"");
...

The goal here is to get the permissions and supplementary group correct 
so Apache can
run the program.  The program is outside Apache's document root.  The 
goal here is to
do this in a safe and straightforward manner.

I need to know how to set up experiment1 as a supplementary group of 
www-data or Apache.

I need to know how to allow Apache to access executables in a specific 
location outside
the document root.  Preferable to use relative paths.  Can php scripts 
use something similar
to the bash PATH environment variable?