Linux users and groups for an Apache LAMP server

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow original URL: http://stackoverflow.com/questions/174715/

Time: 2020-09-13 16:50:17  Source: igfitidea

Linux users and groups for a LAMP server

php linux apache lamp

Asked by DavidWinterbottom

What is the best practice for setting up a LAMP server in terms of linux users and groups? If there are multiple sites hosted on the same server, is it best to have a single user that owns all site source files (and uploads) that is in the same group as apache - or to have a different user for each site (so that each site has its own crontab)? Or something else entirely?

For some reason, this question never seems to be addressed in PHP/MySQL/Linux books that I've encountered.

Answered by Kev

On our platform each site's htdocs etc has its own user. This means if one site is compromised, the others should be fine.

Answered by Jon Topper

If this is a small number of large sites, you may find that splitting your server into multiple VMs using something like Xen is a better option than simply segregating by user. This will improve the isolation of your sites, and make it easier to move a site to its own hardware if, in future, one starts to become much heavier on resource usage than the others.

Answered by JasonMichael

I assume you don't want to go crazy and get WHM for cPanel and may want to do this inexpensively.

I think it's a best practice to have each user access their space from their own username and group - especially if unrelated users may be using the webserver.

If you have over 10 domains and users and want to keep accounts segregated to their own space, I would consider using Webmin with VirtualMin installed on the server. This easily handles these types of issues, within a nice, free install. Otherwise, you'll have to purchase a commercial product or handle everything manually - a real pain, but it can be done (not recommended for a commercial venture).

Also, Xen and VMS might be overkill, but also not as easy to manage as Webmin/VirtualMin for 10-100+ accounts.

Answered by incous

The best choice is to create a VirtualHost for each domain using Apache with the suPHP module. This way, each site will be owned by a user and run with that user's permission. The webroot of each site should be put under the user's homedir to prevent local attack.

If you use the same user for every website, that means a user from websiteA has read/write access to the files of websiteB.
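
The per-site-user layout recommended in the answers above can be checked on a running server. The script below is an added example, not part of the original answers: it flags webroots that share an owner and webroots that other local accounts can enter. It assumes Linux with GNU coreutils stat, inspects only the top-level directory of each webroot, and the paths in its usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answers): audit site webroots for the
# one-user-per-site layout. Assumes Linux with GNU coreutils `stat`.
# Usage: audit_webroots /home/siteA/htdocs /home/siteB/htdocs  (hypothetical paths)

# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
audit_webroots() {
    findings=0
    seen=""   # lines of "owner<TAB>path" for webroots already examined
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"
            findings=1
            continue
        fi
        owner=$(stat -c '%U' "$dir")
        mode=$(stat -c '%a' "$dir")

        # Last octal digit = permissions for "other", i.e. every other local
        # account, including the users that own neighbouring sites.
        other=${mode#"${mode%?}"}
        if [ "$other" != "0" ]; then
            echo "WORLD_ACCESS $dir mode=$mode"
            findings=1
        fi

        # Two webroots with the same owner: code running as that user in one
        # site can read and write the other site's files.
        prev=$(printf '%s\n' "$seen" |
            awk -F '\t' -v o="$owner" '$1 == o { print $2; exit }')
        if [ -n "$prev" ]; then
            echo "SHARED_OWNER owner=$owner $prev $dir"
            findings=1
        fi
        seen=$(printf '%s\n%s\t%s' "$seen" "$owner" "$dir")
    done
    return "$findings"
}
```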

Answered by metaphor_set

I did some kind of small level hosting over several years and my answer is "It depends".

First of all there is a difference between Apache Module (mod_php), CGI and FastCGI. A good list with all the pros and cons can be found here: Apache php modes

When it comes to security all of the modes have pros and cons.

Since we only hosted a relatively small amount of Domains with moderate traffic I decided to stay with mod_php and used vhost configuration.

I also used different FTP users for each vhost root dir (of course).

Configuring vhosts (one per customer) allows you to switch off domains the easy way without digging your way through a ridiculously big httpd.conf and producing errors on the way.
