Toni Mueller wrote:
To me, this currently comes down to using unique user and group ids for individual web site instances, and then chroot each server into their respective tree where the requirement for reading other people's data is to break out of the chroot first.
This can be done with the default chroot as long as you don't allow your users to run any CGIs. Just make each vhost's docroot be owned by the user and readable by the www group and you're set. If you're hosting PHP sites you also need to remember to set (and enforce) open_basedir for the vhosts.
--- Lars Hansson
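
An added example, not part of the original thread: a Python check over a constructed Apache/mod_php config that flags vhosts where open_basedir is missing, is set with php_value instead of php_admin_value, or is wide enough to cover another vhost's docroot. The hostnames, paths and the `audit_vhosts` helper are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath
# Constructed sample: hostnames and paths are made up for illustration.
SAMPLE = """
<VirtualHost *:80>
  ServerName alice.example
  DocumentRoot /var/www/vhosts/alice/htdocs
  php_admin_value open_basedir /var/www/vhosts/alice/
</VirtualHost>
<VirtualHost *:80>
  ServerName bob.example
  DocumentRoot /var/www/vhosts/bob/htdocs
  php_value open_basedir /var/www/vhosts/
</VirtualHost>
<VirtualHost *:80>
  ServerName carol.example
  DocumentRoot /var/www/vhosts/carol/htdocs
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
BASEDIR = re.compile(r"^\s*(php_admin_value|php_value)\s+open_basedir\s+(\S+)", re.M | re.I)

def directive(body, name):
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1).strip('"') if m else None
def inside(path, base):
    p, b = PurePosixPath(path), PurePosixPath(base)
    return p == b or b in p.parents

def audit_vhosts(conf):
    """Return (ServerName, problem) pairs for vhosts with weak open_basedir."""
    vhosts = []
    for body in VHOST.findall(conf):
        ob = BASEDIR.search(body)
        how, bases = (ob.group(1).lower(), ob.group(2).strip('"').split(":")) if ob else (None, [])
        vhosts.append((directive(body, "ServerName"), directive(body, "DocumentRoot"), how, bases))
    findings = []
    for name, root, how, bases in vhosts:
        if how is None:
            findings.append((name, "open_basedir not set"))
            continue
        if how == "php_value":  # only php_admin_value is immune to .htaccess/ini_set
            findings.append((name, "open_basedir set with php_value"))
        if root and not any(inside(root, b) for b in bases):
            findings.append((name, "docroot outside open_basedir"))
        for other, other_root, _, _ in vhosts:
            if other != name and other_root and any(inside(other_root, b) for b in bases):
                findings.append((name, f"open_basedir also covers {other}"))
    return findings
```
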