: How I give Apache access to users vhosts and keep it secure? I have 2 RHEL 7 servers running Apache 2.4 behind a load-balancer. Both connect to an NFS data store where web pages are held

I have 2 RHEL 7 servers running Apache 2.4 behind a load-balancer. Both connect to an NFS data store where web pages are held and both servers run ssh to allow users to put web data on them. The users authenticate using AD. I have no control over AD. Users can have multiple virtual hosts that I create for them upon request. So ls -l /web would look something like:

700 user1:ad_user vhost1.example.com
700 user1:ad_user vhost2.example.com
700 user2:ad_user vhost3.example.com
700 user2:ad_user vhost4.example.com
700 user5:ad_user vhost5.example.com

So how can I keep users in there own vhosts, out of other users vhosts, and let apache serve up all their pages?

apache runs as apache:apache
I can't make a apache part of the ad_user group. It would be a local groups and would not have the same ID as the one from AD.
I have tried making everyone a member of the apache group and making the following changes.

750 user1:apache vhost1.example.com
750 user1:apache vhost2.example.com
750 user2:apache vhost3.example.com
750 user2:apache vhost4.example.com
750 user5:apache vhost5.example.com

While this allows apache to do its thing, users can now get into each other's websites

I have "heard" that there is an apache module that will handle this situation but I can't find it .... if it's really out there.
I'm thinking that SELinux handle all the permissions to do this but I'm an SELinux noob.