If you are talking about a publicly accessable web
server, you should consider running the web server (eg
apache) in a chroot environment. The use of systrace is
recommended too (it filters the syscall use).

-DBC