By AOLserver instance, do you mean OpenACS instance? If you have, say, two services on one machine, then I envision:
/usr/local/aolserver with binaries, nothing service-specific, basically read-only
/home/service0 with ssh certs and emacs files and such for the people who connect to the machine to work or administer on service0
/var/www/service0 with all the files to make service0 work
then
/home/service1
/var/www/service1
etc.
The service0 user wouldn't be able to affect the service1 user.
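A check for the layout described in the post above, as an added example that is not part of the original post: it flags a shared binaries directory that group or other can write to, world-writable paths inside a service's directories, and two services whose directories have the same owner. It assumes each service runs under its own Unix account; the function names and finding strings are hypothetical, and the sandbox in the demo is constructed.

```python
import os
import stat
import tempfile

SHARED = "usr/local/aolserver"      # shared binaries, meant to be read-only
PER_SERVICE = ("home", "var/www")   # one directory per service under each


def world_writable(top):
    """Yield top and every path beneath it that any user may write to."""
    for dirpath, _dirs, files in os.walk(top):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = os.lstat(path).st_mode
            # Symlinks report mode 0777 on Linux, so they are skipped.
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                yield path


def audit_layout(root, services):
    """Return sorted (path, problem) findings for the layout under root."""
    findings = []
    shared = os.path.join(root, SHARED)
    # Only the top of the shared tree is checked here.
    if os.stat(shared).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((shared, "shared binaries writable by group/other"))
    owner_of = {}  # uid -> first service seen with that owner
    for svc in services:
        for base in PER_SERVICE:
            top = os.path.join(root, base, svc)
            findings += [(p, "world-writable") for p in world_writable(top)]
            first = owner_of.setdefault(os.stat(top).st_uid, svc)
            if first != svc:
                findings.append((top, "same owner as " + first))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sandbox: every directory is owned by whoever runs this,
    # so service1 is reported as sharing service0's owner.
    root = tempfile.mkdtemp()
    for rel, mode in [(SHARED, 0o755), ("home/service0", 0o750),
                      ("var/www/service0", 0o750), ("home/service1", 0o750),
                      ("var/www/service1", 0o777)]:
        os.makedirs(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)
    for path, problem in audit_layout(root, ["service0", "service1"]):
        print(problem + ": " + path)
```

On a real machine, call `audit_layout("/", [...])` with the service names; an empty result means none of the three conditions was found.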