I'm wondering how can I make sure there aren't shell people who will misuse the system and read my /etc/passwd /etc/shadow passwords?
Don't give shell accounts to sketchy people that you don't know or who live farther away than you can drive with a baseball bat.
Running a shell server is a little different than running other types of servers. Since everyone already has user-level access, preventing local root exploits or other types of privilege escalation attacks is going to be extremely important, as will locking down file permissions that are a little too relaxed on a standard Linux distro. Definitely look into kernel hardening with something like the Openwall patches or grsecurity. Make sure to incorporate some form of stack protection like PaX or Exec Shield as well. For locking down the standard Linux file permissions (DAC), take a look at Bastille Linux, or you can go with an alternate form of access control entirely and switch to a MAC system (like that used by LIDS) or RBAC or RSBAC systems.
How do I place permission limitations on their account?
For creating restricted shell environments, you can use something like rbash or preferably a chroot jail. There are several guides and projects specifically devoted to chroot jails that you can find in unSpawn's Security references thread. Chroot jails aren't a perfect solution, so hardening the rest of the system is an absolute necessity. Also remember that the fewer tools you give the shell users, the fewer things they have available to try and break. The same applies to the overall system itself: the fewer applications and daemons, the better. Obviously, general security measures like keeping up with security patches are going to be extremely important as well.
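
Added example, not part of the original post: a small POSIX shell audit for the relaxed file permissions discussed above, usable on `/` or on the root of a chroot jail. The function names and the `--audit` argument are hypothetical, and the script looks only at classic mode bits (DAC), not at ACLs or MAC policy.

```shell
#!/bin/sh
# Added example: audit a tree (/ or a chroot jail) for permissions that
# local shell users could abuse. All function names here are hypothetical.

# Octal mode of a file: GNU stat first, BSD stat as a fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds only if the file grants no read/write/execute bits to "other".
no_other_access() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Regular files any user can modify, plus world-writable directories
# without the sticky bit (anyone may delete or replace others' files there).
world_writable() {
    find "$1" -xdev -type f -perm -0002 -print
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Setuid/setgid programs: each one is a possible privilege-escalation path,
# so the list should be short and every entry should be justified.
setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Full report for the tree rooted at $1.
audit() {
    root=${1%/}
    for f in "$root/etc/shadow" "$root/etc/gshadow"; do
        [ -e "$f" ] || continue
        no_other_access "$f" || echo "WEAK: $f is accessible to all users (mode $(file_mode "$f"))"
    done
    world_writable "$1" | sed 's/^/WORLD-WRITABLE: /'
    setid_files "$1" | sed 's/^/SETID: /'
}

# Run only when asked, e.g.: sh audit.sh --audit /srv/jail
if [ "${1:-}" = "--audit" ]; then
    audit "${2:-/}"
fi
```

Run it as root so `find` can descend into every directory; `-xdev` keeps it on one filesystem, so repeat it for each mounted filesystem that shell users can reach.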