The REALUSER token is set to maintain the actual owner of the account. The USER token is update to that of his creator upon suspension so that the path ownership matches with change of document root to that of the owner. The bug was that the subdomains and ssl virtualhost were set to that of the admin, instead of maintaining the real username. The original domain's VH write was correct, but all subsequent VH writes for subdomains and ssl VH's were not. Fix was to adjust how tokens are filled into the container class so that the container is not modified when passed to the other writes.