From what I can see, ngnix is now the web server of default with this release. I know with OpenBSD’s apache before it was a fully chrooted instance — is this the case now? (sorry, haven’t had time to plan with -current)
Yes, as mentioned by qbit, it does chroot. Here’s an excerpt from nginx’s OpenBSD man page:
-u By default nginx will chroot(2) to the home directory of the user
running the daemon, typically ``www'', or to the home directory
of user in nginx.conf. The -u option disables this behaviour,
and returns nginx to the original "unsecure" behaviour.
It does chroot ( by default the /var/www – the home of the www user )
There isn’t really a default since neither is enabled by default, but both are available in base now (Apache using /etc/rc.d/httpd, nginx using /etc/rc.d/nginx).
Metafilter and Pinboard have approaches which may work — small, upfront cost for joining, something to offset hosting fees. Pinboard
For Metafilter, at least – I think the joining fee is mostly to encourage higher quality participation.
Matt Haughey – the creator of Metafilter
The $5 one-time fee to participate (beyond reading for free) isn’t really part of any business model. It doesn’t bring in enough revenue to even cover hosting costs, but it lessens the load on myself and the other moderators, it
virtually rids the site of drive-by fly-by-night spammers, and it helps make sure people really, really want to be
If someone’s entire invite tree is at risk, that’s presumably not an issue here