Can I make my site completely safe by running the server in a “chroot” environment?
You can’t make your server completely safe, but you can increase its security significantly in a Unix environment by running it in a chroot environment. The chroot system command places the server in a “silver bubble” in such a way that it can’t see any part of the file system beyond a directory tree that you have set aside for it. The directory you designate becomes the server’s new root “/” directory. Anything above this directory is inaccessible. In order to run a server in a chroot environment, you have to create a whole miniature root file system that contains everything the server needs access to. This includes special device files and shared libraries. You also need to adjust all the path names in the server’s configuration files so that they are relative to the new root directory.
