diff --git a/install/dist/conf/debian40.conf.php b/install/dist/conf/debian40.conf.php
index fc1527558e992d1b1a9f0fcc236b09f7a7ce626b..2223e1985740ee540093eed25a3901cbd38bc159 100644
--- a/install/dist/conf/debian40.conf.php
+++ b/install/dist/conf/debian40.conf.php
@@ -76,4 +76,9 @@ $conf['pureftpd']['init_script'] = 'pure-ftpd-mysql';
 $conf['mydns']['config_dir'] = '/etc';
 $conf['mydns']['init_script'] = 'mydns';
 
+//* Jailkit
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+
 ?>
\ No newline at end of file
diff --git a/install/dist/conf/gentoo.conf.php b/install/dist/conf/gentoo.conf.php
index 6edd4baf99a6e680cc73a86444e83382be6a8597..50930c76da46c630896427c9a3000dd3c7606e31 100644
--- a/install/dist/conf/gentoo.conf.php
+++ b/install/dist/conf/gentoo.conf.php
@@ -62,4 +62,9 @@ $dist['pureftpd']['init_script'] = 'pure-ftpd';
 $dist['mydns']['config_dir'] = '/etc';
 $dist['mydns']['init_script'] = 'mydns';
 
+//* Jailkit
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+
 ?>
\ No newline at end of file
diff --git a/install/install.php b/install/install.php
index c64b25d13a76736788b25ad1d661472fa852cd20..3138ee515056bfe6bfecdda8871317b335559fd3 100644
--- a/install/install.php
+++ b/install/install.php
@@ -134,6 +134,10 @@ if($install_mode == 'Standard') {
 
 	//* Configure postfix
 	$inst->configure_postfix();
+	
+	//* Configure postfix
+	swriteln('Configuring Jailkit');
+	$inst->configure_jailkit();
 
 	//* Configure saslauthd
 	swriteln('Configuring SASL');
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 42325db5eec6c30c7ac53313ac835894918ee33b..942d03f4fa5f432b7f5bed7c4b20f693657c7d2d 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -183,7 +183,24 @@ class installer_base {
         wf($full_file_name, $content);
     }
 
-
+	public function configure_jailkit()
+    {
+        $cf = $this->conf['jailkit'];
+		$config_dir = $cf['config_dir'];
+		$jk_init = $cf['jk_init'];
+		$jk_chrootsh = $cf['jk_chrootsh'];
+		
+		if (!is_dir($config_dir))
+		{
+			copy($config_dir.'/'.$jk_init, $config_dir.'/'.$jk_init.'~');
+			copy($config_dir.'/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh.'~');
+			
+			copy('tpl/'.$jk_init.".master", $config_dir.'/'.$jk_init);
+			copy('tpl/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh);
+		}
+		
+    }
+        
 	public function configure_postfix($options = '')
     {
         $cf = $this->conf['postfix'];
diff --git a/install/tpl/jk_chrootsh.ini.master b/install/tpl/jk_chrootsh.ini.master
new file mode 100644
index 0000000000000000000000000000000000000000..cfd9e8d19832f7b6adccaf05cff2031619683df3
--- /dev/null
+++ b/install/tpl/jk_chrootsh.ini.master
@@ -0,0 +1,13 @@
+## example for a user
+#[test]
+#env= DISPLAY, XAUTHORITY
+#
+##example for a group, there should be only 1 space inbetween the words!
+#[group users]
+#env = DISPLAY, XAUTHORITY
+#
+[DEFAULT]
+#relax_home_group=1
+skip_injail_passwd_check=1
+injail_shell=/bin/bash
+env = TERM, PATH
diff --git a/install/tpl/jk_init.ini.master b/install/tpl/jk_init.ini.master
new file mode 100644
index 0000000000000000000000000000000000000000..dcfc0f35ad2373ef3efc7c9b95a2b7b4c5ab7dbb
--- /dev/null
+++ b/install/tpl/jk_init.ini.master
@@ -0,0 +1,151 @@
+[uidbasics]
+# this section probably needs adjustment on 64bit systems
+# or non-Linux systems
+comment = common files for all jails that need user/group information
+libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2
+regularfiles = /etc/nsswitch.conf /etc/ld.so.conf
+
+[netbasics]
+comment = common files for all jails that need any internet connectivity
+libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2
+regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols
+
+[logbasics]
+comment = timezone information
+regularfiles = /etc/localtime
+need_logsocket = 1
+
+[jk_lsh]
+comment = Jailkit limited shell
+executables = /usr/sbin/jk_lsh
+regularfiles = /etc/jailkit/jk_lsh.ini
+users = root
+groups = root
+need_logsocket = 1
+includesections = uidbasics
+
+[limitedshell]
+comment = alias for jk_lsh
+includesections = jk_lsh
+
+[cvs]
+comment = Concurrent Versions System
+executables = /usr/bin/cvs
+devices = /dev/null
+
+[git]
+comment = Fast Version Control System
+executables = /usr/bin/git*
+directories = /usr/share/git-core
+includesections = editors
+
+[scp]
+comment = ssh secure copy
+executables = /usr/bin/scp
+includesections = netbasics, uidbasics
+devices = /dev/urandom
+
+[sftp]
+comment = ssh secure ftp
+executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+
+[ssh]
+comment = ssh secure shell
+executables = /usr/bin/ssh
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/tty
+
+[rsync]
+executables = /usr/bin/rsync
+includesections = netbasics, uidbasics
+
+[procmail]
+comment = procmail mail delivery
+executables = /usr/bin/procmail, /bin/sh
+devices = /dev/null
+
+[basicshell]
+comment = bash based shell with several basic utilities
+executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
+regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
+directories = /usr/lib/locale/en_US.utf8
+users = root
+groups = root
+includesections = uidbasics
+
+[midnightcommander]
+comment = Midnight Commander
+executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
+directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc
+includesections = basicshell
+
+[extendedshell]
+comment = bash shell including things like awk, bzip, tail, less
+executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/less, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/sort, /usr/bin/wc, /usr/bin/watch, /usb/bin/whoami
+includesections = basicshell, midnightcommander, editors
+
+[editors]
+comment = vim, joe and nano
+executables = /usb/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim, /usr/bin/pico
+regularfiles = /etc/vimrc
+directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /lib/terminfo
+
+[netutils]
+comment = several internet utilities like wget, ftp, rsync, scp, ssh
+executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
+includesections = netbasics, ssh, sftp, scp
+
+[apacheutils]
+comment = htpasswd utility
+executables = /usr/bin/htpasswd
+
+[extshellplusnet]
+comment = alias for extendedshell + netutils + apacheutils
+includesections = extendedshell, netutils, apacheutils
+
+[openvpn]
+comment = jail for the openvpn daemon
+executables = /usr/sbin/openvpn
+users = root,nobody
+groups = root,nogroup
+includesections = netbasics
+devices = /dev/urandom, /dev/random, /dev/net/tun
+includesections = netbasics, uidbasics
+need_logsocket = 1
+
+[apache]
+comment = the apache webserver, very basic setup, probably too limited for you
+executables = /usr/sbin/apache
+users = root, www-data
+groups = root, www-data
+includesections = netbasics, uidbasics
+
+[perl]
+comment = the perl interpreter and libraries
+executables = /usr/bin/perl
+directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
+
+[xauth]
+comment = getting X authentication to work
+executables = /usr/bin/X11/xauth
+regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
+
+[xclients]
+comment = minimal files for X clients
+regularfiles = /usr/X11R6/lib/X11/rgb.txt
+includesections = xauth
+
+[vncserver]
+comment = the VNC server program
+executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
+directories = /usr/X11R6/lib/X11/fonts/
+includesections = xclients
+
+
+#[xterm]
+#comment = xterm
+#executables = /usr/bin/X11/xterm
+#directories = /usr/share/terminfo, /etc/terminfo
+#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4
diff --git a/install/update.php b/install/update.php
index 06961a07a59f076d930f9157ee7e774739841ea9..3095b04c13ef80cd91781644e5041dc8979f6485 100644
--- a/install/update.php
+++ b/install/update.php
@@ -134,7 +134,11 @@ $reconfigure_services_answer = $inst->simple_query('Reconfigure Services?', arra
 if($reconfigure_services_answer == 'yes') {
 	//** Configure postfix
 	$inst->configure_postfix('dont-create-certs');
-
+	
+	//* Configure postfix
+	swriteln('Configuring Jailkit');
+	$inst->configure_jailkit();
+	
 	//** Configure saslauthd
 	swriteln('Configuring SASL');
 	$inst->configure_saslauthd();
diff --git a/interface/bin/php-fcgi b/interface/bin/php-fcgi
new file mode 100644
index 0000000000000000000000000000000000000000..e09339df0638530d6b282dd640f633b5e617a204
--- /dev/null
+++ b/interface/bin/php-fcgi
@@ -0,0 +1,10 @@
+#!/bin/sh 
+PHPRC="/etc/php5/cgi/" 
+export PHPRC 
+PHP_DOCUMENT_ROOT="/usr/local/ispconfig/interface/web/"
+export PHP_DOCUMENT_ROOT
+PHP_FCGI_CHILDREN=8 
+export PHP_FCGI_CHILDREN 
+PHP_FCGI_MAX_REQUESTS=5000 
+export PHP_FCGI_MAX_REQUESTS 
+exec /usr/bin/php-cgi $1
diff --git a/server/conf/bash.bashrc.master b/server/conf/bash.bashrc.master
new file mode 100644
index 0000000000000000000000000000000000000000..7347074bf028472eb689ce86b0d07af314d2921c
--- /dev/null
+++ b/server/conf/bash.bashrc.master
@@ -0,0 +1,63 @@
+
+<tmpl_if name='jailkit_chroot'>
+## Hack for Jailkit User to change back to the logged in user ##
+if [ "$LOGNAME" != $USER ]; then
+ export HOME=<tmpl_var name='home_dir'>$LOGNAME
+ export USER=$LOGNAME
+ export USERNAME=$LOGNAME
+ cd $HOME
+fi
+
+## Change machine hostname to site domain ##
+export HOSTNAME=<tmpl_var name='domain'>
+
+</tmpl_if>
+
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"
+
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+xterm-color)
+    PS1='\[\033[01;32m\]$USER@$HOSTNAME\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+    ;;
+*)
+    PS1='\$USER@$HOSTNAME:\w\$ '
+    ;;
+esac
+
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
+    ;;
+*)
+    ;;
+esac
+
+
+# enable color support of ls and also add handy aliases
+if [ "$TERM" != "dumb" ]; then
+    eval "`dircolors -b`"
+    alias ls='ls --color=auto'
+    #alias dir='ls --color=auto --format=vertical'
+    #alias vdir='ls --color=auto --format=long'
+fi
+
+# some more ls aliases
+#alias ll='ls -l'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+
diff --git a/server/conf/motd.master b/server/conf/motd.master
new file mode 100644
index 0000000000000000000000000000000000000000..7467ff3ad8b0b1f9c1657cff2b0a6add020438ce
--- /dev/null
+++ b/server/conf/motd.master
@@ -0,0 +1,4 @@
+Welcome To Site <tmpl_var name='domain'>
+
+
+
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index d8b0c06401cb9bfa090d3f2706cc0f1e8ad5c979..a5f5f428dbe5080f5b4848f36037e55e0449b174 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -385,10 +385,12 @@ class apache2_plugin {
 			$fastcgi_config = $app->getconf->get_server_config($conf["server_id"], 'fastcgi');
 			
 			$fastcgi_starter_path = str_replace("[system_user]",$data["new"]["system_user"],$fastcgi_config["fastcgi_starter_path"]);
+			$fastcgi_starter_path = str_replace("[client_id]",$client_id,$fastcgi_starter_path);
+			
 			if (!is_dir($fastcgi_starter_path))
 			{
-				exec("mkdir -p $fastcgi_starter_path");
-				exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." $fastcgi_starter_path");
+				exec("mkdir -p ".escapeshellcmd($fastcgi_starter_path));
+				exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." ".escapeshellcmd($fastcgi_starter_path));
 				
 				
 				$app->log("Creating fastcgi starter script directory: $fastcgi_starter_path",LOGLEVEL_DEBUG);
@@ -403,7 +405,7 @@ class apache2_plugin {
 			$fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]);
 			$fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]);
 				
-			$fcgi_starter_script = escapeshellcmd($fastcgi_starter_path."/".$fastcgi_config["fastcgi_starter_script"]);
+			$fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]);
 			file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
 			unset($fcgi_tpl);
 			
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index a74f1712ff59fac50a443185ce2ce495fbb80303..6a35f9593e1f949d566c3eeaf39d7a9f877a2228 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -100,6 +100,9 @@ class shelluser_jailkit_plugin {
 	}
 	
 	//* This function is called, when a shell user is deleted in the database
+	/**
+	 * TODO: Remove chroot user home and from the chroot passwd file
+	 */ 
 	function delete($event_name,$data) {
 		global $app, $conf;
 		
@@ -110,7 +113,8 @@ class shelluser_jailkit_plugin {
 			
 			$jailkit_chroot_userhome = $this->_get_home_dir($data['old']['username']);
 			
-			exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome);
+			//commented out proved to be dangerous on config errors
+			//exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome);
 			
 			
 			$app->log("Jalikit Plugin -> delete chroot home:".$data['old']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG);
@@ -135,6 +139,36 @@ class shelluser_jailkit_plugin {
 				
 				$this->_add_jailkit_programs();
 				
+				//add bash.bashrc script
+				//we need to collect the domain name to be used as the HOSTNAME in the bashrc script
+				$web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".intval($this->data['new']["parent_domain_id"]));
+				
+				$this->app->load('tpl');
+		
+				$tpl = new tpl();
+				$tpl->newTemplate("bash.bashrc.master");
+				
+				$tpl->setVar('jailkit_chroot',true);
+				$tpl->setVar('domain',$web['domain']);
+				$tpl->setVar('home_dir',$this->_get_home_dir(""));
+				
+				$bashrc = escapeshellcmd($this->data['new']['dir']).'/etc/bash.bashrc';
+				exec('rm '.$bashrc);
+				
+				file_put_contents($bashrc,$tpl->grab());
+				unset($tpl);
+				
+				$this->app->log("Added bashrc scrpt : ".$bashrc,LOGLEVEL_DEBUG);
+				
+				$tpl = new tpl();
+				$tpl->newTemplate("motd.master");
+				
+				$tpl->setVar('domain',$web['domain']);
+				
+				$motd = escapeshellcmd($this->data['new']['dir']).'/var/run/motd';
+				exec('rm '.$motd);
+				
+				file_put_contents($motd,$tpl->grab());
 				
 			}
 	}
@@ -174,15 +208,16 @@ class shelluser_jailkit_plugin {
 				
 				$this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);
 				
-				exec("mkdir -p ".$this->data['new']['dir'].$jailkit_chroot_userhome);
-				exec("chown ".$this->data['new']['username'].":".$this->data['new']['pgroup']." ".$this->data['new']['dir'].$jailkit_chroot_userhome);
+				exec("mkdir -p ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome));
+				exec("chown ".$this->data['new']['username'].":".$this->data['new']['pgroup']." ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome));
 				
 				$this->app->log("Added created jailkit user home in : ".$this->data['new']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG);
 				
-				exec("mkdir -p ".$this->data['new']['dir'].$jailkit_chroot_puserhome);
-				exec("chown ".$this->data['new']['puser'].":".$this->data['new']['pgroup']." ".$this->data['new']['dir'].$jailkit_chroot_puserhome);
+				exec("mkdir -p ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome));
+				exec("chown ".$this->data['new']['puser'].":".$this->data['new']['pgroup']." ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome));
 				
 				$this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
+				
 			}	
 	}