Thank you. Currently, with high security sites, they are set to use the CGI version of php while locked in a chroot jail, am I correct in saying? Also, the suexecUserGroup is set to the domain owner, for example: suexecUserGroup admin6 admin6 Code (markup): This is great, and highly secure (server-wide)... however, each file in the users home directory is also owned by the owner of the domain. This opens up the possibility of a broken script, which say allows upload by external users to delete all files in that users domain, even if write permissions are not set on that file... simply because the PHP process also is run by the domain owner. Is it possible to run the PHP scripts under a different user on that domains virtual file system? I have tried changing this in the apache conf using suexecUserGroup and creating a user on the server, however I am getting error messages in suexec log something similar to "not in doc root"... etc. What I want to do really, is create a user in the virtual filesystem of that domain and then set that to run as the apache suexecUserGroup. Any ideas? I hope this makes sense. Thank you for your help.