
                      CGIWrap - Chroot Implementation
     _________________________________________________________________

   Note - This facility is for expert administrators only, cgi scripts
   will not work AT ALL if you don't do this right.
     _________________________________________________________________

   The chroot facility in cgiwrap is built on a loopback filesystem
   approach. What this means is - cgiwrap expects an equivalent
   filesystem structure inside the chrooted area as is outside. The
   prefix specified with --with-chroot=PATH should point to the top of
   your chrooted area.

   Within the chrooted area, you should place any
   executables/libraries/tools that you want available to cgi scripts.
   For the user data within the filesystem I suggest you use a loopback
   NFS mount. Is suggest using the nosuid and nodev options on the mount
   for additional protection.

   For optimum protection, you might also consider using a loopback NFS
   mount for the top level of the chroot area as well, mounted with the
   'ro' mount option. This will prevent ANY changes to that filesystem.

   Note, this is not as secure as some chroot facilities, but it is more
   secure than the basic cgiwrap setup. For additional security, it is
   recommended that user home directories have NO world/other permissions
   set.
