Apache + suexec + chroot + ... fastcgi ?

Discussion in 'Apache' started by nddb, Jul 17, 2006.

  1. #1
    Hello!

    Basically, I've been running Apache with an suexec that chroots users for a while. Each user has their own mini-environment, with their own php binary. This seems great for security... if there's a php bug or something, one site might get defaced, but it limits them from expanding to the system.

    The problem is, with a decent amount of traffic, this is faaar too much overhead. At X many pages per second, suexec spawns a php binary for every php script, and those eat up CPU. I need to know how to run something like fast-cgi. I need a central php/perl interpreter that is still secure in that users can't access anything outside their own directory structure.


    Basically, as I see it, it would work like this: a request is made to the vhost, some wrapper opens a connection to the fast-cgi daemon, passes the scriptname, uid, gid. FastCGI then goes to their webspace and execs the script as them, chrooted to their dir. So it runs as it would if they had their own php binary, but everyone shares the same binary through the fastcgi daemon.

    mod_fastcgi, afaik, won't work under this setup, because the php script is disconnected from apache and can't pass its calls to fastcgi back up... I could be wrong about that, but I tried it, and could not get it to function at all.

    ----

    My question is, can I still chroot like this? Can I make fastCGI chroot the script to its home dir? If not, that kind of negates having a chroot at all.

    I'm open to all thoughts and suggestions! I'm really hoping someone here runs some webhosting, or is big into administration and can lend me some tips and hints.

    Thanks!
     
    nddb, Jul 17, 2006
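
The chroot-then-drop-privileges step the post above asks about, as an added example that is not part of the original post and not code from suexec, mod_fastcgi or PHP. It shows what the forked child of a hypothetical root-owned spawner would do before exec'ing a user's interpreter. The function names, the `MIN_ID` floor, the `/home/` jail base and the `/bin/php` path inside the jail are all assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE         /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MIN_ID 100u             /* assumed floor: never run as root or system ids */
#define JAIL_BASE "/home/"      /* assumed parent directory of the per-user jails */

/* Check the (uid, gid, jail, script) tuple passed by the wrapper. 0 = ok. */
int validate_request(uid_t uid, gid_t gid, const char *jail, const char *script)
{
    size_t n = strlen(JAIL_BASE);
    if (uid < MIN_ID || gid < MIN_ID)
        return -1;
    if (strncmp(jail, JAIL_BASE, n) != 0 || jail[n] == '\0' || strstr(jail, ".."))
        return -1;              /* jail must be a real subdirectory of JAIL_BASE */
    if (script[0] != '/' || strstr(script, ".."))
        return -1;              /* script path is absolute inside the jail */
    return 0;
}

/* Runs in the forked child while still root. Order matters: chroot() needs
 * root, and groups must be dropped before the uid. Returns 0 on success. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;              /* chdir so the cwd is not left outside the jail */
    if (setgroups(0, NULL) != 0)
        return -1;              /* clear supplementary groups inherited from root */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)
        return -1;              /* regaining root must fail, otherwise abort */
    return 0;
}

/* Validate, jail, drop privileges, then exec the interpreter inside the jail. */
int run_request(uid_t uid, gid_t gid, const char *jail, const char *script)
{
    if (validate_request(uid, gid, jail, script) != 0 || enter_jail(jail, uid, gid) != 0)
        return -1;
    execl("/bin/php", "php", script, (char *)NULL);  /* path inside the jail (assumed) */
    return -1;                  /* only reached if exec failed */
}
```

For a persistent FastCGI setup the same sequence would run once per user when the long-lived interpreter process is started, rather than once per request.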