Hi, I am trying to chroot services via Marc's compartment. For instance for chrooting apache I think I understood the need for -cap CAP_NET_BIND_SERVICE since the port binding is below 1024. Hovever I do not want to have root running the services. From reading the README file I should be chowning the directories to something other then root. The README file refers to capability.h file for further reference yet it sounds Greek to me. Again from the README I understand that I can not use --user --group with 2.2.x kernels . I have found a document at ftp://ftp.guardian.no/pub/free/linux/capabilities/capfaq.txt describing the capabilities. Yet is there a plain english bersion that I could not locate or what are the best uses of these for apache and proftp Thanks -- Togan Muftuoglu