linux
Marat Dimaev, 2015-07-30 18:13:10

How to restrict any access to files and folders of one user from another on a web server?

Hello, please help me solve one problem (security hole).
Let me give you an example:
Our server has site1.ru. This site is owned by user1. The site is powered by CMS Bitrix.
This site has 2 files that store passwords from the database:
/var/www/user1/data/www/site1.ru/bitrix/.settings.php and /var/www/user1/data/www/site1.ru/bitrix/php_interface/dbconn.php
We also have site2.ru on our server. This site is owned by user2.
This site has a test script:
/var/www/user2/data/www/site2.ru/test.php
The content of this script is as follows:

<?php
// test.php in site2.ru (owned by user2), reading site1.ru's (user1's) config files.
// dbconn.php sets $DBPassword; .settings.php returns a configuration array.
include '/var/www/user1/data/www/site1.ru/bitrix/php_interface/dbconn.php';
echo $DBPassword;
$arr = include '/var/www/user1/data/www/site1.ru/bitrix/.settings.php';
print_r($arr);

If we open site2.ru/test.php in the browser, we will see an array containing the login and password for the other site's database.
You can set permissions to 0700 on the folders /var/www/user1/data/www/site1.ru/bitrix/php_interface/ and /var/www/user1/data/www/site1.ru/bitrix/,
but in this case it will be impossible to open the site1.ru/bitrix page from the browser, which is not good.
The question is: how do I block any attempt to access (read, write, execute) the sites of one user from another user, and vice versa?
Note: safe_mode is disabled in PHP 5.4 and above, and open_basedir does not allow uploading images and other files from the site's admin panel.
----
I also corresponded with tech support about this.
They write:
The problem may be due to the installed PHP APC module, because the permissions on folders and files are set correctly, and the owners and groups are also set correctly.
That is, the PHP file is cached when it is opened by user1, and then user2 quietly takes it from the cache.
Server: Linux CentOS 6.5, PHP 5.4, nginx


1 answer(s)
Andrey Burov, 2015-07-31
@marat-dimaev

Set permissions to 750 on the site directories and run php-fpm under different users.
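The answer above in working form, as an added example that is not part of the original question or answer. The point of the fix is that in the question's setup every site's PHP runs as the same Unix user, so file permissions cannot separate user1 from user2 no matter how correctly owners and groups are set; once each site runs in its own php-fpm pool under its own user and the docroot is 750 owner:webgroup, user2's test.php has no permission to read /var/www/user1/... at the kernel level, and open_basedir in the pool adds a PHP-level fence on top. The pool names, socket paths, pm settings and the group name nginx are assumptions for illustration; the demo runs on a constructed temp directory and needs no root.

```shell
#!/bin/sh
# Added example (not from the original page): one php-fpm pool per site user,
# site tree 750/640 owned by the site user with the web server group, plus a
# check that nothing in the tree is readable by "other".

# Emit a php-fpm pool definition for one site user. nginx talks to the
# socket; the PHP code itself runs as $user. Assumed: group "nginx", socket
# path under /var/run/php-fpm, and illustrative pm values.
gen_pool_conf() {
    user="$1"; docroot="$2"
    cat <<EOF
[$user]
user = $user
group = $user
listen = /var/run/php-fpm/$user.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
; second fence inside PHP: this pool may only open files under its own site
php_admin_value[open_basedir] = $docroot:/tmp
EOF
}

# Directories 750, files 640, owned by the site user with the web server
# group, so nginx can still serve static files (and open site1.ru/bitrix)
# while every other Unix user gets nothing. chown is attempted only when the
# account and group exist (they will not on a developer box).
harden_site_dir() {
    dir="$1"; owner="$2"; webgroup="${3:-nginx}"
    if id "$owner" >/dev/null 2>&1 && getent group "$webgroup" >/dev/null 2>&1; then
        chown -R "$owner:$webgroup" "$dir" || echo "chown failed (not root?)" >&2
    fi
    find "$dir" -type d -exec chmod 750 {} +
    find "$dir" -type f -exec chmod 640 {} +
}

# Succeeds only if no file or directory under $1 has the "other read" bit.
no_world_readable() {
    [ -z "$(find "$1" -perm -004 -print | head -n 1)" ]
}

# Demo on a constructed tree mirroring the question: start from the
# world-readable state that lets user2 include dbconn.php, harden it, and
# confirm the tree is no longer readable by other users.
demo() {
    tmp=$(mktemp -d) || return 2
    site="$tmp/site1.ru"
    mkdir -p "$site/bitrix/php_interface"
    printf '<?php $DBPassword = "constructed-secret";\n' \
        > "$site/bitrix/php_interface/dbconn.php"
    chmod 755 "$site" "$site/bitrix" "$site/bitrix/php_interface"
    chmod 644 "$site/bitrix/php_interface/dbconn.php"
    before=1; no_world_readable "$site" && before=0   # 1: readable, as in the question
    harden_site_dir "$site" user1 nginx
    after=0;  no_world_readable "$site" || after=1    # 0: locked down
    rm -rf "$tmp"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}

# On the real server: write a pool file per site and point each nginx vhost
# at its own socket (fastcgi_pass unix:/var/run/php-fpm/user1.sock;).
# gen_pool_conf user1 /var/www/user1/data/www/site1.ru > /etc/php-fpm.d/user1.conf
# gen_pool_conf user2 /var/www/user2/data/www/site2.ru > /etc/php-fpm.d/user2.conf
# harden_site_dir /var/www/user1 user1 nginx
# harden_site_dir /var/www/user2 user2 nginx
```

After reloading php-fpm and nginx, the question's test.php under user2's pool fails with a permission-denied warning on the include (and, independently, an open_basedir restriction), while site1.ru/bitrix still renders because nginx, in the shared group, can read the tree and user1's pool executes the PHP. A shared opcode cache does not bypass this: the cache key is the file path, but the pool process still has to open the file to compile it, and that open is what the 750 mode now refuses for the wrong user.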
