diff --git a/suexec.c b/suexec.c
index 6906c3d69fdb65cad0b15ac7a75b0ed599dfb65f..f2360edc150bbbc2667a0991d242ed2dd5315186 100644
--- a/suexec.c
+++ b/suexec.c
@@ -24,7 +24,8 @@
 #include <time.h>
 #include <unistd.h>
 
-#define SUEXEC_CONFIGURATION "/etc/apache2/suexec-sandbox.conf"
+#define SUEXEC_CONFIG "/etc/apache2/suexec-sandbox.conf"
+#define SUEXEC_CONFIG_DIR "/etc/apache2/suexec-sandbox.d"
 #define DEFAULT_SAFE_PATH "/bin:/usr/bin"
 
 #define MAX_ENV_SIZE 256
@@ -32,6 +33,7 @@
 
 struct config {
   char *path;
+  char *root;
   char **allowed_cmds;
   int num_allowed_cmds;
   char **docroots;
@@ -127,9 +129,6 @@ static int read_config(const char *path, struct config *config) {
   int r = 0, lineno = 1;
   FILE *fp = NULL;
 
-  // Set defaults.
-  config->path = DEFAULT_SAFE_PATH;
-
   fp = fopen(path, "r");
   if (!fp) {
     log_printf("Could not open configuration file %s", path);
@@ -148,6 +147,8 @@ static int read_config(const char *path, struct config *config) {
 
     if (!strcmp(key, "path")) {
       config->path = strdup(value);
+    } else if (!strcmp(key, "root")) {
+      config->root = strdup(value);
     } else if (!strcmp(key, "allowed_cmd")) {
       r = config_add_allowed_cmd(config, value);
     } else if (!strcmp(key, "docroot")) {
@@ -176,7 +177,9 @@ static int read_config(const char *path, struct config *config) {
 
 static const char *const safe_env_lst[] = {
     /* variable name starts with */
-    "HTTP_", "SSL_",
+  "HTTP_", "SSL_",
+
+  "PHPRC=",
 
     /* variable name is */
     "AUTH_TYPE=", "CONTENT_LENGTH=", "CONTENT_TYPE=", "CONTEXT_DOCUMENT_ROOT=",
@@ -226,7 +229,7 @@ static int clear_env(struct config *config) {
     return -1;
   }
 
-  sprintf(pathbuf, "PATH=%s", config->path);
+  sprintf(pathbuf, "PATH=%s", config->path ? config->path : DEFAULT_SAFE_PATH);
   cleanenv[cidx] = strdup(pathbuf);
   if (cleanenv[cidx] == NULL) {
     log_println("failed to malloc memory for environment");
@@ -333,6 +336,7 @@ int main(int argc, char **argv) {
   int target_uid;
   int target_gid;
   char *cmd, *real_cmd;
+  char user_config[512];
 
   // Create a new config and initialize it to nil.
   struct config config = (const struct config){0};
@@ -378,7 +382,7 @@ int main(int argc, char **argv) {
   }
 
   // Read configuration file.
-  if (read_config(SUEXEC_CONFIGURATION, &config) < 0)
+  if (read_config(SUEXEC_CONFIG, &config) < 0)
     exit(102);
 
   // Clean the environment.
@@ -395,6 +399,10 @@ int main(int argc, char **argv) {
     exit(104);
   }
 
+  // Read the user-specific configuration, if any.
+  snprintf(user_config, sizeof(user_config), SUEXEC_CONFIG_DIR "/%d", target_uid);
+  read_config(user_config, &config);
+  
   if (check_cwd(&config) < 0)
     exit(105);
 
@@ -406,7 +414,8 @@ int main(int argc, char **argv) {
                           real_cmd, (argv + 3)) < 0)
     exit(106);
 
-  // sandbox_config.mount_dir = "/home/ale";
+  if (config.root)
+    sandbox_config.new_root_dir = config.root;
 
   if (sandbox_start(&sandbox_config) < 0)
     exit(107);