We have a webserver for our users' personal web space. I am interested in what you all have done in locking down your users' personal web space. We are allowing CGIs and it concerns me. The users' directories are all owned by the same user; the user does not have a real account on the box. We are using the virtual user proftp stuff so that real users aren't needed. As a consequence I can't use Apache's suEXEC since it would try to run the .cgi as a user that doesn't really exist. I was thinking it might be possible to chroot Apache and provide a separate version of perl inside the Apache chroot'd area. If that would work I wouldn't have to worry about permissions and other things on the box. But for some reason I don't think it would work. Advice appreciated.