I am trying to set up something like:
a.site.com b.site.com c.site.com
Now, I want the data in a.site.com to be completely independent of b.site.com. Basically, I want to be able to provide FTP access for a.site.com to client A and b.site.com to client B. If a client is malicious, then he should only be able to access his own site and should not be able to interfere with b.site.com.
How do I achieve this? I know it is possibly related to settings in Apache but am not sure. Also, how do I programmatically create these subdomains?
If you want to provide FTP access, there are two issues:
For FTP access, you can use vsftpd and its chroot option. I have no further experience with this, so I cannot give more details.
For PHP access, you can set up a chroot jail for different sites. This is done with the PHP-FPM server module.
This chroot setup is quite tricky to get right; I spent many hours tweaking before I got it to work.
You have to configure chroot operation in the PHP-FPM configuration file. You will specify a separate PHP process pool for every domain, each one of those living in its own chroot jail.
Then, you have to create a chroot environment for every site. This environment contains system libraries, configuration files, etc. There are several tools that help with creating chroot environments.
Finally, you have to configure Apache to pass PHP scripts for each domain to the respective PHP-FPM pool via the FastCGI interface.
Regarding programmatically creating subdomains, Puppet is a useful tool for that. However, you might have to create the scripts yourself to manage your setup.
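The per-domain pool and vhost pairing described in the answer above, as an added example that is not part of the original answer: a shell sketch that emits a chrooted PHP-FPM pool and a matching Apache vhost for one subdomain. The paths under /srv/jail and /run/php, the site_<label> Unix accounts, the www-data Apache user and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate isolated per-client config for <label>.site.com.
# Assumed layout: jail at /srv/jail/<label>, one Unix account site_<label> per client.

valid_label() {
    # Accept a single lowercase DNS label only, so a client-supplied name
    # such as "../b" or "a/b" can never select another client's jail.
    case "$1" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

fpm_pool() {    # $1 = label, e.g. "a" for a.site.com
    valid_label "$1" || return 1
    cat <<EOF
[$1]
user = site_$1
group = site_$1
listen = /run/php/$1.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
chroot = /srv/jail/$1
chdir = /htdocs
pm = ondemand
pm.max_children = 5
EOF
}

apache_vhost() {    # $1 = label
    valid_label "$1" || return 1
    cat <<EOF
<VirtualHost *:80>
    ServerName $1.site.com
    DocumentRoot /srv/jail/$1/htdocs
    # Apache sends the host path as SCRIPT_FILENAME; the jail layout must
    # make that path resolve inside the chroot as well.
    <FilesMatch "\.php\$">
        SetHandler "proxy:unix:/run/php/$1.sock|fcgi://localhost"
    </FilesMatch>
</VirtualHost>
EOF
}

# Usage: sh gen-site.sh a   (prints both fragments for a.site.com)
if [ -n "${1:-}" ]; then fpm_pool "$1" && apache_vhost "$1"; fi
```

Because each pool runs under its own account and the socket is readable only by the web server's group, a compromised site_a process cannot open site_b's socket or files.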