virtual server - security

["Serban Gh. Ghita" <sasa () stonet ro>]

Hello

I am banging my head on the table every day, because i cannot find an
elegant and safe solution to secure a virtual shared environment (server).
Take the following facts:
-you have a virtual server (unix) and you have to take care of a lot of
clients.
-no one has acces to shell, cronjobs or stuff like that, only 21 and 80
-you dont want anyone to get out of his 'box' (eg /home/sasha/)
-you want to allow php, perl or other web languages to run safely and in the
same time will _almost_ all features.
-in php (because this is the one of the most user language for web - for
mostly endusers), i have options like safe_mode, but if i activate that,
many functions and features will not work. i know (because i tested) that
the best solution is open_basedir, but i cannot create an restriction like
that for each user, or at least i dont know how to do that.

My problem is that i tested some script-kiddies local exploits (php,perl)
and the system is vulnerable, the user can get out of his box and see system
files (etc/passwd, other dirs).

What are the options here. Any paper or book written about this?

Thanks

Serban Gh. Ghita