One of Unix's oldest security mechanisms is the idea of a changed root, or chroot, which confines a user or program to a subsection of the filesystem to protect other users and the rest of the filesystem. chroot is useful for services such as named(8), but isn't so helpful for complicated programs that expect to have wide access to the system. chrooting your web or email server requires a great deal of work and often involves adding many programs to the chroot. If you're a web hosting company, your clients certainly won't like being chrooted!

What's worse, clients who understand the power of Unix-like systems frequently make requests to complicate things further. They want to install software or reconACKNOWLEDGMENTS the web server to enable ...

Get Absolute FreeBSD, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.