open_basedir settings

i thought the cpanel directions say to create an ftp user with the same name as the subdomain to restrict its access (or something like that)

Yes, that part works: new user can't access outside his/her home on the FTP. However, the ownership of the file remains the same and that user will be able to upload and run a script to access files above his/her home directory (I haven't actually tested this, but I'm guessing it's true).

In some other control panel programs, new users will have different UID, files & folders he creates will be under him, and he won't be able to access files/folders with different UID. Usually they use ~subdomains for their subdomain addresses. Like: www.site.com/~sub1 (don't know why).

I'm just wondering if such a feature already exists in cPanel and I missed it. Or if there's something that I can do more (like via .htaccess) to do something like this.

I know that I should never give FTP access to people I don't trust, but people I do trust might still even make mistakes. Maybe one of them will one day, unknowingly, use an outdated/unsafe script and some hacker exploits that. When that happens and the whole website's files and folder are under the same UID, the hacker will be have access to the whole website, on the other hand, if they have different UID, then only his part of the website gets 'hacked', and the main site and the other sections are still safe.

Maybe I should request for php safe_mode to be enabled for my domain?

Thanks for comments/replies.

The only other real option is to just create your subdomains as seperate accounts via WHM.