PHP/Server permissions

[eepp]

Hi eventual helpers. I have a particular problem and didn't find anything helpful on the net (or maybe I don't know how to search properly for that matter). So, I recently bought a Web hosting plan on fatcow.com, and I have the opportunity to park as many domains as I want. That's what I did, with, for the moment, two domains (let's call them foo.ca and bar.ca). How FatCow works is that it creates a directory in the root of your account which has the following syntax: "[domain name with extension]-redirect". So now, I have in my root directory the two folders "foo.ca-redirect" and "bar.ca-redirect". When I go to foo.ca, I fall into the files and scripts in "foo.ca-redirect".

 

PHP CGI access is activated everywhere, and here's my problem: I created a custom FTP account for someone owning bar.ca so when the guy connects, his root "/" is right into the "bar.ca-redirect" directory (but he does not see that). But if he wans, this guy can upload a file destroy.php in his root which contains something like:

 

<? unlink("../foo.ca-redirect/index.php"); ?>

 

... and this is where I find that dangerous (in other terms, he can do absolutely anything he likes in any other parked domains with a script).

 

So, is there any way (with Apache .htaccess, PHP.ini (I have access to editing this file) or simply UNIX permissions) to make the scripts contained in a specific directory only capable of playing with files and folders in that directory (and sub-directories)?

 

Thanks for your help!