I'm a complete nginx convert - took a couple of days, but with the guides here and elsewhere, I've got nginx+vsftp running 4 sites: 2 busy wordpress installs and a reasonably busy (20 or so on at any one time) phpbb forum. All rewrites working. And it doesn't even make an Amazon ec2 free micro instance break a sweat - the previous Apache2 config was bringing it down 5 times a day. nginx FTW by a mile, and service apache2 stop FTMFW! The problem is, I've had to drop ispconfig, which is a shame. So I'm only missing one gap in my linux newbie knowledge now, with relation to security. In the situation I have now, all sites run the same user, and with ftp I log into the web root. What's I'd prefer to do is have the ispconfig model of each site having its own user and group, so, I suppose, if someone hacked one site, they couldn't hack files of another site. And here's where no amount of googling will turn anything up. Any ideas?