Chrootjail
I am configuring a server right now and security is the current step.
At first I was trying to have /bin/rbash instead of /bin/bash for every user so their account was very limited.
I made it so their home dir was /home/user/public_html, but when I tried to access their home site through http://ip/~user I couldn't see their stuff.
Now I heard that a chroot jail is an alternative to rbash.
Does someone here know where I can get a good manual on chroot, or can someone explain how to do it?
Read the OpenBSD manuals for Apache; it does a chroot jail by default, so it's a good place to start.
Eken,
Another option would be looking into using jails (that is for FreeBSD, but Linux has something very similar, but alas I forget what it's called). Just a brief overview: a jail is basically an entire OS running inside another OS. It's really ideal to use something like this for a couple of major reasons: They can crack the su password for the jail, but they still won't have root for the main machine (i.e. layers to get to the root machine); If it does get hacked and fubared, just restart the jail; Also, it's practically impossible to get root on the physical machine from a jail; You can create multiple jails, so you can have one jail with your Apache server, and another one running a mail server, etc. The only difference I know of between FreeBSD's jails and the Linux brand is that in FreeBSD you can run any kernel less than the one on the current machine. This is very cool, and I'll give you a for instance: If you originally had a server running the very stable 4.x branch, you can create a jail and have this perform appropriately. If you want to update to 5.x, you can create another jail (and since it has its own IP address, you can configure your setup so the two don't conflict but you can still test) and have it run 5.x and set up that portion of the server appropriately. The documentation for it is all in the handbook and it's pretty simple to understand.
-brad
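Added example, not part of the post above: a sketch of the "one jail per service, each with its own IP" layout it describes, written in the jail.conf(5) format used by current FreeBSD releases. The jail names, paths, hostnames, interface and addresses are all assumptions chosen for illustration.

```conf
# /etc/jail.conf (constructed example; every name, path and address is an assumption)

# Defaults shared by every jail defined below
exec.start = "/bin/sh /etc/rc";            # boot the jail's own rc scripts
exec.stop  = "/bin/sh /etc/rc.shutdown";   # clean shutdown inside the jail
exec.clean;                                # start commands with a clean environment
mount.devfs;                               # give each jail its own restricted /dev
interface = "em0";                         # host NIC that carries the jail addresses (assumed)
path = "/usr/jails/$name";                 # each jail has a separate userland tree
host.hostname = "$name.example.org";

# Web server jail: a compromise here is confined to /usr/jails/www
www {
    ip4.addr = 192.0.2.10;
}

# Mail server jail: separate filesystem tree, process table and address
mail {
    ip4.addr = 192.0.2.11;
}
```

With `jail_enable="YES"` in /etc/rc.conf, `service jail start www` starts only the web jail and `service jail restart www` restarts it without touching the mail jail.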