Ok, firstly I just want to say thank you for your help, and I would really appreciate it if someone could help me out here.

I have my own dedicated server with multiple accounts. The servers uses Apache and CPanel/WHM to manage all of the accounts.

We noticed that one account can access another accounts files through php. For example:

My current path is this:
/home/user1/public_html

In a php file while in the above directory I can do the following:

require("/home/user2/public_html/functions.php");

Which is a completely different account. I can successfully include the file, which I think is a big security hole. Why is this and how can I fix this? This is the default settings with cpanel, I havnt changed any of the directory permissions at all. Is it supposed to do this?

Thanks for your help.