in reply to Can the user a script runs as be changed?
You can use a suid perl/apache but don't do it that way. The best way (IMHO) is to give the web server process permission to execute the program via sudo/sudoers. For example
```
[root@devel3 log]# cat /etc/sudoers
# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.

# let apache send HUP to squid
apache ALL=NOPASSWD:/home/www/utility/sendHUP.pl

[root@devel3 log]# ll /home/www/utility/sendHUP.pl
-rwxr-xr-x 1 apache coders 1114 Mar 10 02:43 /home/www/utility/sendHUP.pl

[root@devel3 log]# cat /home/www/utility/sendHUP.pl
#!/usr/bin/perl -w

# this script need to be run as root, to do this we add an entry to
# /etc/sudoers so that apache can run it (you edit using visudo)
# visudo -f /etc/sudoers
# add this line
# apache ALL=NOPASSWD:/home/www/utility/sendHUP.pl
# call as system('sudo', '/home/www/utility/sendHUP.pl');

(kill HUP, $PROGRAM) or exit 42;
exit 0;
```
My webserver runs as apache, but yours may be nobody or something else. What the line in sudoers does is allow apache to *potentially* run the sendHUP.pl with root privileges. This is required to send (in this case squid) a HUP signal. Note that the actual sendHUP.pl script is not owned by root or suid. It is just a normal script. Note also you need to call this with system( 'sudo', '/some/prog.pl' ) from within your script to execute the program with root privilege.
So by using sudo/sudoers you can limit the webserver to being able to execute as little as a single command/program as root which is better than letting it be able to execute lots of stuff which is quite possible if you go the suid root (route ;-)
cheers
tachyon
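An added example, not part of the post above: the calling side of this sudo setup, using the list form of `system()` from the post and decoding the exit status, including the helper's `exit 42`. Because sudo runs the helper as root, the example first checks that only root can modify the helper or the directories above it; that requirement, the `-n` option, the fixed `PATH` and the names `sudo_target_problems` and `send_hup` are assumptions of this example (the listing in the post shows the file owned by apache).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Basename qw(dirname);

# Helper path from the sudoers line in the post.
my $HELPER = '/home/www/utility/sendHUP.pl';

# Hypothetical check: list reasons why $path is unsafe as a sudo target.
# Assumption of this example: the file and every directory above it must be
# owned by root and not group/world writable, so that only root can change
# what sudo will run as root.
sub sudo_target_problems {
    my ($path) = @_;
    my $p = realpath($path);
    return ("$path: cannot resolve") unless defined $p && -e $p;
    my @problems;
    while (1) {
        my @st = stat($p);
        return (@problems, "$p: cannot stat: $!") unless @st;
        push @problems, "$p: owned by uid $st[4], not root" if $st[4] != 0;
        push @problems, sprintf('%s: mode %04o is group/world writable',
                                $p, $st[2] & 07777) if $st[2] & 0022;
        last if $p eq '/';
        $p = dirname($p);
    }
    return @problems;
}

# Hypothetical caller: run the helper through sudo with the list form of
# system() shown in the post, so no shell parses the command line.
sub send_hup {
    my @problems = sudo_target_problems($HELPER);
    die "refusing to call sudo:\n  " . join("\n  ", @problems) . "\n" if @problems;
    local $ENV{PATH} = '/usr/bin:/bin';      # fixed PATH for locating sudo
    system('sudo', '-n', $HELPER);           # -n: fail rather than prompt
    return 1 if $? == 0;
    die "could not start sudo: $!\n" if $? == -1;
    die sprintf("sudo died from signal %d\n", $? & 127) if $? & 127;
    my $code = $? >> 8;
    die "helper could not send HUP (its exit 42)\n" if $code == 42;
    die "sudo or helper failed, exit code $code\n";
}

print "HUP sent\n" if !caller && send_hup();
```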
Re^2: Can the user a script runs as be changed?
by Nkuvu (Priest) on Jul 02, 2004 at 04:12 UTC
by tachyon (Chancellor) on Jul 02, 2004 at 04:19 UTC