I have created a service in which users can have their own directory on my webpage (http://mywebsite.com/username/) and run php on it, but currently it is possible to make php code to access root directory (http://mywebsite/) and change things there.
I have made a bash script which creates a user, disables shell from it, and gives it the username directory and ftp access to it's directory. Is there anything I can do to avoid users from accessing root through php?
I am running a LAMP stack with linux debian