Disable Shell for Server Owners - FTP Security

I see several threads on security, but no resolution. Contrary to one thought mentioned, “Virtual server owners need shell to be productive”, in our case we are not resellers. Domains are divided up more along branding lines and to facilitate CMS… In this context I do not want the FTP users for a particular domain to be able to log in and see up and down the box. I have a core team of Unix users, the only ones competent to work in a shell. Other users are just updating HTML files and changing text… all they need is FTP. Typically I just give the domain admin and password (on Plesk), but the users were jailed into that domain and did not get shell (in Plesk you could turn shell off for the domain owner user). Under Virtualmin it’s a bit scary because the domain owner gets just about everything.

In addition, I want to force everyone to use SFTP or SSH for FTP so no logins are going through clear text. Third, I need to have at least one directory for “painless” FTP uploads for our advertisers and collaborators sending us large files… they need to be jailed into a single FTP directory.

I’m not sure how to proceed. If I turn off FTP, will SFTP still be an option? I cannot find where Virtualmin offers the option to turn off shell for the virtual server owner. I think we need a big “FAQ” on this one… maybe it exists.

So I guess this boils down to 2 needs:
– Jail in virtual domain server owners: no shell, and SFTP or FISH only to their home directory, and they cannot move from there.
– Setting up any FTP user who is jailed into a single directory, forcing them to use SFTP and SSH (if possible… some users may use old clients).

Note: under Plesk I set up a "Web user" (www.mydomain.org/~jamie) and then gave a user and password for FTP to this subdomain… the user was jailed in, and could not see anywhere else on the box.

You can go to Webmin - Servers - ProFTPD Server, click on Files and Directories, and lock users by setting "Limit users to directories" to "home directory".

I set new users in Webmin - System - Users and Groups: click on the user and change the shell to /bin/false so they won’t have shell. I don’t know yet how to do this automatically on creation of the domain, though, if possible.

Also, Virtualmin - System Settings - Module Config - "Defaults for new domains" might be of interest to you for restricting users.

Then there are options to create ACLs under Webmin - Webmin Users: create a group with a certain set of permissions and add new users to that group.
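
To confirm that the /bin/false change described above has actually been applied to every non-admin account, the following added example (not from the thread) lists regular accounts that still have a login shell. The account names, the UID threshold of 1000, and the function names `audit_shells` and `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in passwd(5) format; on a real host pass /etc/passwd instead.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Core admin:/home/alice:/bin/bash
brandone:x:1001:1001:Domain owner:/home/brandone:/bin/bash
brandtwo:x:1002:1002:Domain owner:/home/brandtwo:/bin/false
uploads:x:1003:1003:Advertiser drop box:/home/brandone/uploads:/bin/sh'

# audit_shells PASSWD_FILE "user1 user2 ..."
# Prints "user:shell" for every regular account (UID >= 1000) that still has
# a login shell and is not on the allow list of shell-capable admins.
# An empty shell field is also reported, since it means the default shell.
audit_shells() {
    awk -F: -v allow="$2" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            # Shells that refuse an interactive login.
            nologin["/bin/false"] = 1
            nologin["/usr/sbin/nologin"] = 1
            nologin["/sbin/nologin"] = 1
        }
        /^#/ || NF < 7   { next }   # skip comments and malformed lines
        $3 < 1000        { next }   # system accounts (assumed UID_MIN of 1000)
        ($1 in ok)       { next }   # core team keeps its shell
        !($7 in nologin) { print $1 ":" $7 }
    ' "$1"
}

# Run the audit against the constructed sample, allowing only "alice" a shell.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
    audit_shells "$tmp" "alice"
    rm -f "$tmp"
}
demo
```

On a live server the call would be `audit_shells /etc/passwd "alice"` with the real list of core-team accounts; any line it prints is an account that can still open a shell.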