why- Open BSD .rocks

Chrooted webserver by default (∞)

By default, HTTP daemons are chrooted in /var/www. As an OpenBSD system administrator, you don’t need to configure anything to have a secured webserver installation running.

This is also true for HTTP daemons from packages (apache2, nginx).

$ getent passwd www
www:*:67:67:HTTP Server:/var/www:/sbin/nologin

Details: