linux

How to restrict access?

Hello!
Tell me how (if possible) to restrict the user's access to all third-party directories except him?
There are 2 sites, here are their directories:

site1.ru /var/www/user1/www/site1.ru/
site2.ru /var/www/user2/www/site2.ru/

The sites are owned by 2 different users: user1 and user 2. The rights to the folders are configured, the groups are different.
How to make it impossible to get data from the site2.ru directory when site1.ru is hacked?
I did everything like this, but with this script on site1 :

$files1 = scandir('/var/www/user2/www/site2.ru/');
print_r($files1);

I still get a list of files in a foreign directory. Then I tried:

$text = "Какой-то текст";
$fp = fopen("/var/www/user2/www/site2.ru/", "w");
fwrite($fp, $text);
fclose($fp);

The file has been created.
Am I dumb or do I need to do something else to deny access?
Thank you.