Does that leave permissions to restrict access then? I'm not exactly sure how this works, so bare with me.
So, apache runs as usual. When a php script is executed, apache calls suphp (or suexec) which launches php under the respective user id. PHP then interprets the script. Now assuming permissions are set somewhat intelligently, doesn't that leave some "sensitive" files readable like /etc/passwd and the like?
I like the peace of mind of knowing that users are jailed within their directory and able to frolic all they want without harming any part of the system. Is there anyway to provide this level of security within ISPConfig?