Just wondering why I'm able to create a cgi script that can browse the any of the files in the chroot environment?? Below are the settings I'm using for the server. The document root for the test website is owned by user other than the LSWS. (Server) Enable chroot Yes (VH) CGI Set UID Mode DocRoot UID (VH) CGI Chroot Mode Same as Server Context /cgi-bin/ is set as follows Allow Set UID N/A Why can I browse files in other directories? I should be locked into my doc root..