If a CGI script can't be read by lighttpd, then it can't be run, even via a SuEXEC wrapper. You get a 403 error. The SuEXEC wrapper never gets run - lighttpd just returns a 403.
If you're running under FastCGI, then this is solved with the "broken-scriptfilename" => "enable" option, which makes lighttpd skip its check. However, for normal CGI, there is no such option.
I have websites with only one or two PHP scripts (e.g. a contact form). I don't have resources to allocate permanent FastCGI processes to these, but I do want them suexec'd under their own username. I just want them to fork a CGI process. However, it doesn't seem to be possible... :-(