SSH, users from web1 can read files from web2, web3, web4
I have web1 to web20 and some domains have SSH access, but i've noticed that they can access to /var/www and so they can read files from all websites.
All website have Config.php files and those should be private files (db user and password is there)
Files from other websites have a 744 perm's, if i change to 740 then www-data can't read them and so on apache.
What can i do to dissallow this?