httpd changes By default, httpd jails inside in /var/www -u flag indicates "turn off this feature" Before self-jailing: modules are loaded Things which need write access (logs) /dev/*random, /dev/log Automatically translates paths inside configuration file Most people do NOT run cgi Most people do NOT run php For those who do not, this is a more secure choice.