I'm trying to come up with a solution which allows me to implement directory-based access control. Here is an example: I have several domains domain1.com domain2.com ... domainN.com I have SuExec enabled to make sure that users can only access their own files, belonging to their domain. Now I want to implement a little bit more sophisticated access rules, namely Inside domain1.com I have several projects: domain1.com/project1 domain1.com/project2 … domain1.com/projectN each user has ftp access to a particular project that he owns. My question is how do I prevent user1 from accessing files of project2 using get_file_contents or readfile? As far as I understand SuExec can be applied on a domain level and here we trying to limit access to a particular folder inside domain. Any suggestions are highly appreciated! Thank you!