Apache Security Issues

What is the best way to secure Apache?
If you add a hosted account user, let's say Bob.
His domain is 123.com.
So you chroot him to /home/123.com/www, and the directory is owned by bob:nobody, but is that the safest way?
By having nobody as the group, couldn't everyone possibly see others' info? (Not from FTP because of chroot) but via scripts etc.?
I have read some stuff about Apache running an suexec or something, but am not sure...

Thanks