The goal of this article is to provide solutions and approaches for a limited shared hosting environment. Now with modern container technology below techniques may be combined with mounted shares to create an even greater level of safety.
Approach 1 - Restricted SFTP Only Access
...
How to configure sftp to lock down directory with groups - http://www.debian-administration.org/articles/590
scponly sounded like a quick easy solution but did not get a good feeling when reading the docs as it sounds complicated - https://github.com/scponly/scponly/wiki