Is it possible to use chroot with users that have already been set up as we have already added over 20 groups and set quotas for them etc.
Sure you can. Just set up the system and use a shell script to process all users and groups (or use a shell script that fills a chroot OTF, AFAIK PAM has some modules that can run scripts on login). BTW, for OpenSSH check the Chroot patch for ssh
. Might be interesting. If you run chroots it would be beneficial to check out the Grsecurity kernelpatch. Even if you don't use the RBAC, you'll at least gain reinforced chroots plus extra auditing capabilities. For FTP I'd suggest using an ftpd with the best track record where security is concerned: Muddleftpd. One more thing. If you're running low on space, have a look at Busybox. It provides a lot of std binaries in one executable and even though it does not support all binaries arcane flags it's matured a lot over the years providing much more than a few yrs ago.