I've always been running the servers solo, having just one login accout to do stuff. However now the need has arisen to allow another person shell access to run commands such as php and the likes of find and grep. Without going into too many details, what would be the safest way(s) to limit their interaction with the rest of the system? For instance, limit the programs they may run, limit access to filesystem in general et cetera. Basically, limit everything to just their scope of work, which is developing a single e-commerce website on a server that also hosts email services, DNS and multiple unrelated websites, but without going overboard with security. Currently no jails are used there. Any general pointers on what to do, where to start, etc? This is all new to me. I know how to do limited SFTP access and it's working nicely, but not when it comes to a full-fledged shell.