Channel: Why is PHP open_basedir not considered a security model - Server Fault

Answer by Andreas Gohr for Why is PHP open_basedir not considered a security model


A good article on previous open_basedir bypasses is available at https://www.bencteux.fr/posts/open_basedir/

In addition, the use of open_basedir is not very efficient. It requires PHP to check each file system access against the list of provided paths. open_basedir also disables the realpath caching, which further slows down file system accesses. So depending on your application and the number of configured paths you may experience serious degradation of performance.

On your question on how to secure a setup with multiple users: the answer is PHP-FPM. Run an FPM pool for each user assigned to their own OS user. Then use the classic ownership/file permission mechanisms to ensure that users cannot cross their assigned boundaries, aka home dirs.
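
The per-user pool layout described in the answer above, as an added example that is not part of the original answer. The user names `alice` and `bob`, the `www-data` web server account and all paths are assumptions to adapt to the host.

```ini
; Assumed location: one file per user under the distribution's pool.d
; directory (for example alice.conf and bob.conf).

[alice]
; Workers in this pool run as the site owner, so the kernel's ordinary
; ownership and mode checks decide what PHP code in this pool can touch.
user = alice
group = alice

; One socket per pool. Only the web server account (assumed: www-data)
; may connect, so one user's code cannot submit requests to another pool.
listen = /run/php/fpm-alice.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

; Spawn workers on demand and cap them so one tenant cannot exhaust the host.
pm = ondemand
pm.max_children = 5

[bob]
user = bob
group = bob
listen = /run/php/fpm-bob.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 5

; One possible matching file system layout (constructed for this example):
;   /home/alice   owner alice, group www-data, mode 0750
;   /home/bob     owner bob,   group www-data, mode 0750
; The web server reads static files through the group bit. A PHP worker
; running as bob is neither the owner nor in www-data, so opening anything
; under /home/alice fails with "Permission denied" without any
; open_basedir check being involved.
; Keep user accounts out of the www-data group, or the group bit above
; grants them access to every home directory.
```

Each virtual host in the web server then forwards PHP requests to the socket of the pool that owns that site.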

