Bob,
The web server user needs to be able to access the backuppc software and daemon. You can handle this different ways (i.e. setuid, etc), but I'm always running just the backuppc daemon on my backup server. I just change the web server user and group to my backuppc user to make things easy. You can change this in your apache conf (/etc/httpd/conf/httpd.conf on CentOS) if that will work for you.
User backuppc
Group backuppc
You also need some adjustments to the cgi-bin config for apache. I setup a basic http passwd file so that authentication to the backuppc web interface is required. Again, this configuration is in the httpd.conf file.
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/var/www/cgi-bin">
AuthType basic
AuthName "BackupPC"
AuthUserFile "/etc/httpd/conf/backuppc_passwd"
Require valid-user
Order allow,deny
Allow from all
AllowOverride None
Options None
#Require all granted
</Directory>
If you want to create the password file, use the command "htpasswd". You can run:
# htpasswd -c /etc/httpd/conf/backuppc_passwd [username]
The -c option means "create a new file". You should leave it off after the first time, if creating multiple users and passwords.
David