I run a web server for some friends and I was curious how people that do this usually handle permissions.

I keep all my websites in /home/www and then just create symbolic links to the /home/www directory for my users. The problem is it's a pain to add users, then add them to the apache configuration for their subdomain, as well as my nameserver zone files.

I've generally set all the owners of the directories in /home/www to <username>:nobody and the file modes to 770. That way apache can read the files, but other users can't list the files.

Is this method sound? Anyone have any suggestions on how they would do it?