I guess the difficulty is that home directories are not publicly executable in your environment.

You can put an [access control list](http://en.wikipedia.org/wiki/Access_control_list) on all home directories that gives a particular user or group execution permission to the directory. The web server will then potentially be able to access any file in users' home directories, which may provide ways to escalate privileges (at least, this will broaden the impact of a local file access vulnerability). For example, under Solaris or Linux, make sure the home filesystem is mounted with the `acl` option, and run

    setfacl -m user:www-data:x /home/*

(integrate that into your account creation setup). Then tell your users that their `~/public_html` directory must be readable by the `www-data` user; they can run this command:

    setfacl -R -m default:user:www-data:rx ~/public_html
    setfacl -R -m user:www-data:rx ~/public_html

Another possibility is to mount all the users' `public_html` directories in a separate place on the filesystem. This approach has the advantage that the permissions on the home directories won't matter; it even allows the web server to run chrooted. Under Linux, you can do this for a home directory:

    mount --bind /home/joe/public_html /srv/homepages/joe

The `public_html` directory and its contents still need to be made accessible to `www-data`.
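
The bind-mount approach above, applied to every account, as an added example that is not part of the original answer: a shell function that prints one `/etc/fstab` bind entry per home directory and skips any `public_html` that is a symlink, because the mount would follow the link and expose whatever directory the user pointed it at. The function name `homepage_fstab` and the user-name filter are assumptions; nothing is mounted or modified.

```shell
#!/bin/sh
# Added example (not from the original answer).
# homepage_fstab HOME_BASE WEB_BASE
#   HOME_BASE: directory holding the home directories, e.g. /home
#   WEB_BASE:  where the web server sees them, e.g. /srv/homepages
# Prints fstab lines only; review them before appending to /etc/fstab.
homepage_fstab() {
    home_base=$1
    web_base=$2
    for home in "$home_base"/*/; do
        home=${home%/}          # drop the trailing slash added by the glob
        user=${home##*/}        # last path component is the account name
        src=$home/public_html

        # A symlinked home or public_html would make the bind mount
        # publish the link target instead of the user's own directory.
        [ -L "$home" ] && continue
        [ -L "$src" ] && continue
        # Users without a public_html directory get no entry.
        [ -d "$src" ] || continue

        # fstab fields are whitespace-separated, so refuse names that
        # contain anything outside a conservative character set.
        case $user in
            *[!A-Za-z0-9._-]*)
                echo "skipping unusual name: $user" >&2
                continue ;;
        esac

        printf '%s %s none bind 0 0\n' "$src" "$web_base/$user"
    done
    return 0
}

# Stand-alone use: sh script.sh /home /srv/homepages
if [ "$#" -eq 2 ]; then
    homepage_fstab "$1" "$2"
fi
```

Each target directory under the web base must exist before the entry can be mounted, and the script has to be re-run when accounts are added.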