php.ini - open_basedir
If 2 or more directories are specified in the open_basedir command in the file php.ini
eg : [ in 'www' ] 'bob','joe','tim', then all file operations in the others directories in 'www' will not be allowed to be processed ... not even read !
Neither would be allowed the processing of files at their level [in 'www'] unless is specified as in this string 'server_path\www\bob.php\'

THIS DOES NOT ISOLATE THE DIRECTORIES AND THE FILES TO RECIPROCAL PROCESSING !
IN OTHER WORDS include() - '../' - show_source() [and aliases] work out PERFECTLY !!!
THEY DO NOT WORK, AS ANY OTHER COMMAND, IN DIRECTORIES ABOVE THEM

If then a higher level directory is specified ...eg : open_basedir = 'server_path\www\'
then all other directories in 'server_path\www\' will be allowed to all files'operations.

The open_basedir does not limit files operations as described, in the same comments of the file php.ini , but ALLOWS all file operations in the specified directories and LIMITS all files' operations in all other directories in higher level [above]
If open_basedir='server_path\www\' is specified , it is useless to add 'bob' as it is already ALLOWED as 'joe' or 'tim' , and all other directories and files in 'server_path\www\'
... what I'm trying to do here is not an english grammar dissertation , but I am trying to verify a FIX to configure properly all users in their directory, and let the webmaster be assured they do not process or peep into source code of other [ftp] users.
For a server FIX that works see the Apache subframe of this page :-)
Official info on open_basedir surf : features.safe-mode
Apache setting  


Apache - php.ini open_basedir
All what is stated in above comments [php.ini - open_basedir] is performed and granted by making the following settings in Apache server httpd.conf and this time really it LIMITS all users defined in their directories eg : 
<Directory "home/USER/public_html/joe">
  php_admin_value open_basedir "home/USER/public_html/joe"
</Directory>
<Directory "home/USER/public_html/bob">
  php_admin_value open_basedir "home/USER/public_html/bob"
</Directory>
 
<Directory "home/USER/public_html/tim">
  php_admin_value open_basedir "home/USER/public_html/tim"
</Directory>
Users : 'joe' , 'bob' , 'tim' can surf their own directories and also use "../" if it falls back in their own and proper directory.
Any other directory from main website can look into them and this is what every webmaster wants : keep his users away from peeping into eachother directory, or worst in the main website.
For a server FIX that does not work see the php.ini subframe of this page :-)
Official info on open_basedir surf : features.safe-mode
php.ini comments