What is the best way to share a virtual server with friends? More precisely, I have the following assets:

• A virtual private server (Debian Lenny) with root access for myself, running...
  • SSH
  • apache2
  • mysql
• Some unused disk space
• Some friends in need of hosting

The problem

I would now like to do the following:

• Hosting one or several domains per friend
• My friends should have full access to their domains, including running PHP scripts, for example
• My friends should not be able to poke around in other directories
• The security of my server should not be compromised by faulty PHP scripts

To clarify: I do trust my friends in the sense that they are not trying to do something evil with their access. I just do not trust the programs they are going to run.

So, what are your recommendations for establishing such a scenario?

Partial solution

I already came up with the following plan:

• Add chrooted SSH users for my friends
• Add Apache vhosts per user (point the directories to subdirectories of the homedirectories, i.e. /home/alice/example.com, /home/bob/example.net, etc.

But how can I enforce a chroot-like environment for the scripts they are running within these vhosts? Any pointers would be appreciated.