diff --git a/book/installation.rst b/book/installation.rst
index 20ed7537f91..12e25a50e76 100644
--- a/book/installation.rst
+++ b/book/installation.rst
@@ -228,6 +228,12 @@ If there are any issues, correct them now before moving on.
     configuration (e.g. commonly httpd.conf or apache2.conf for Apache) and setting
     its user to be the same as your CLI user (e.g. for Apache, update the ``User``
     and ``Group`` values).
+    
+    .. caution::
+    
+        If used in a production environment, be sure this user only has limited privileges
+        (no access to private data or servers, launch of unsafe binaries, etc.)
+        as a compromised server would give to the hacker those privileges.
 
     **2. Using ACL on a system that supports chmod +a (MacOS X)**