in reply to Privilege elevation
If you're running Apache, check out suexec. It allows the "apache" user to execute CGIs that are owned by another user, as if Apache were su-ing to that user just to run the CGI script.
It requires that you have Apache set up to recognize an html directory for each user (/home/userFoo/public_html, or the like), and a cgi directory for each user. The users can access that directory by going to your URL, but with ~username at the end:
There are some rather strict requirements for suexec to work. They're listed in the suexec page ref'd above.