There is a problem: clients of servers (hosting) can view the operating system files (e.g. /etc/passwd) using cgi scripts. With PHP the problem is easily solved — open_basedir
Now this problem is solved by using AppArmor, but unfortunately it is supported in Ubuntu, which use is not very desirable for certain reasons, or OpenSUSE, which is not suitable for production.
Are there any other solutions?
expect that this can be done with SElinux, but unfortunately no deep experience in this technology and time to explore...
to ignore this problem in our situation is impossible, so the phrase "and what's wrong" you can not write:)