I am going to host a few small sites on VPS, and each of them are going to run my own custom PHP scripts. I am fairly certain that they are secure (did everything in the book, plus some of which is not in the book) to make sure they can't be exploited. But just to be safe I want to know how I could secure each of the virtual hosts so that they can't escape from there virtual host (if a hacker uploaded a shell they could not go above the www folder a legitimate user can't do in ftp no matter how many times they click ..) folder on Debian and Apache.
SnapOverflow
chrooting the scripts, but that means a lot of management overhead for creating and maintaining thechrootenvironments.You could run each one as a different user and use suexec. This is painful, and means php cannot run as mod_php, but instead has to run as a CGI script.
Otherwise, I think it's rather difficult to 100% ensure that a security hole in one script cannot interfere with another using PHP.