File server on Debian Sarge with Samba, SSH and vsftpd?
 

I am going to build a small workgroup type of file server with needs for Samba, SSH (scp or sftp) and FTP (so far vsftpd has looked nice). HW will include 1 IDE HD for the OS and some data, but also a simple 2 disk IDE RAID 1 controller for the data storage. I have planned using ext3 or equivalent as filesystem. We have used RH servers previously, but are planning to go with Debian in future, that's why Debian Sarge (100 MB netinst).

My question is - do you have any recommendations regarding how to arrange the access control / security? Chroot jail with home directories is familiar to me as a concept, and we have used that in our web servers. So do you recommend continuing with chroot jails on all home dirs (we need to enable shares for the workgroup and each user, some SSH based accounts as well as FTP accounts)? I wouldn't want to share any data between these groups unless especially planned and permitted.

So, the easiest way (but not necessarily the most secure) would be setting Samba users and shares as one thing (limiting access only from local net), FTP users under their own jail and SSH users under their own jail. The Samba users are the most reliable and uniform group, but the data is probably most sensitive. They shouldn't need shell access on the server. FTP and SSH I want to separate somehow because FTP passwords are transferred unencrypted. So there actually could be even 3 accounts for one user: Samba, FTP and SSH?

Any ideas or pointers to existing FAQ or Howto is of course welcome. The server will be accessible from the local net and internet, maybe even via VPN.