Re:security: 5 minutes howto on hacking linux websites in HC8
well, I cannot really say to much about how to fix it since Im not sure what is needed and why you have done what you have done.
if the server is only running php you can, as some one was already writing about, look at su_php. One simple inprovement would be to implement open-basedir option. Make a setting to use openbasedir in the admin. The admin should have two imput - a checkbox for enable/disable openbasedir and a textfield where the admin can add dirs to add to the openbasedir setting appending to the root of the webhotel.
its really HC how should be the best to say why things like /webspace is world readable AND writable. Since the hole path into every. If its not apache running the adminscripts - why is there a need to have /webspace other than ug+2rx,o-rw (saying "others" should only be able to Xcute into the dir - not read the dir and absolutly not write it.
but openbasedir settings in httpd.conf