I have a few important documents that I keep owned by www-data (apache's user) in my /var/www/ folder. They have to be www-data because PHP will write to them at times.
I also have users who access the system in /home/ ... They have access to make websites but are FTP rooted to their home directory, however.
I think it would be possible to simple make a PHP file that lets them read most of my /var/www/ PHP files, and not to mention write/delete my www-data owned files.
How can I get PHP and every other command to jailed to the users home directory?