We have a webserver for our users personal web space. I am interested in 
what you all have done in locking down your users personal web space. We 
are allowing cgi's and it concerns me.

The users directories are all owned by the same user, the user does not 
have a real account on the box. We are using the virtual user proftp 
stuff so that real users arent needed. As a consequence I cant use 
apache's SUexec since it would try to run the .cgi as a user that doesnt 
really exist. I was thinking it might be possible to chroot apache and 
provide a seperate version of perl inside the apache chroot'd area. If 
that would work I wouldnt have to worry about permissions and other 
things on the box. But for some reason I dont think it would work.

Advice appreciated.