ok i have a general question about security here.

does everone who hosts here, put the users sites in the persons home directory???

for example, say we had a user called 'chris'

is it safe to do this:

have his ftp point to
/home/chris

store site in:
/home/chris/www

the question is, when you create a user, on redhat, doesn't it copy users files like .Bash etc to the home directory???

is it safe to have the user ftp into that directory???

also, i plan on using exim mta. and i think it stores mail in /home/chris/inbox

wont he see the inbox folder or file, and be able to delete it???

thats what im confused at.

I have a redhat server now, and i messed it up completly. This time, i want to get it setup correctly (im formatting it tomorrow).

Thanx

I would store websites on a seperate partition and mount it with nosuid, nodev, and possibly noexec. You normally want 700 permissions on the home dir so users cannot view what is in other users home dir. I suggest using the maildir format for exim. So in your transport section add maildir_format for that. To answer some of your questins, when you create a user, anything in /etc/skel gets copied to their home directory. It is safe to have users ftp into their home directory but they wont be able to see their mail directory cause it would be .maildir which is hidden. If you are not giving them shell access, there is no point in creating system accounts for them. Easy to store all user info in a database. Proftpd and exim can both use a database for virtual users.