I located a php file browser on a customers web site. This browser allowed anyone to browse through the entire file system of the hosting server. Standard permissions applied, and it would seem nothing bad has happened. My concern is that if a user has something like this, or their site allowed someone to upload something like this, it could put the whole server at risk. I understand there is a chroot for SSH, would it be a good idea here? If so, can I implement it on an active server?