Hello Barry!



 ML> moderately complex process of running them "in jail".
 ML> As I understand it, users are set up that own the various processes and
 ML> their files and are give fake root directories with the chroot
 ML> command, or some variation thereof.  An intruder cannot get past 
 ML> the fake root into the actual system, or so I'm told.
 ML> Have you considered something like this?

 BB> this is the first I have heard of this process... I'll mention it
 BB> to him though..

Just ran across a description of this very thing in the book "DNS for
Dummies"!  And indeed, a user called "named" was created and
given a root directory, rights and ownership over certain files.  Those
files, directories and subdirectories were moved or copied into the fake
root and their configs adjusted accordingly, etc., etc.  

Your friend probably can give you a better idea of how this works, since I,
as I said before, am not running Linux.  But I hope this is of some help.

Have a fantastic day!

Best regards,
Marc

... Never do card tricks for those you play poker with.
--- timEd/2 1.10.y2k+