Sympal runs in a very secure (no, this is not an invitation ;) ) chrooted server environment. Having it all chrooted is nothing new and it is not too hard all together. Especially if you run on a very well designed system like Debian.
Here are some hints and notes for others looking at chrooting their Drupal environment:
- If you use symlinks to point your multi-sites sites to other directories, make sure they are inside the chroot, and make sure you use only relative symlinks.
- Image module has hard times, because it depends on convert. Make sure you either run it all with only GD (heavier server load, though) or that you add imagemagick to your chroot. In Debian you need to
cp -r /usr/bin/convert /var/www/bin/ cp -r /usr/lib/ImageMagick-6.0.6 /var/www/usr/lib/ImageMagick-6.0.6
- Sendmail is chrooted too, this can be rather complex. You can either copy the sendmail binary to your chrooted bin directory, or write a wrapper script that delivers the mail to localhost:25, so over a local network connection. Make sure that your real postfix allows relaying from the chrooted domain (most probably you only need to add 'localhost' to your "mydomains").
Hope this helps others. If you have tips or better tricks, please share them! I am curious on how to make this better, and we might even turn this into a real Drupal handbook page one day.