Sunday, 08 November 2009 17:23 |
By default a user has a lot of rights. Nothing really critical, but why allow him to peek into config files if he doesn't really need to? So I was looking for a way to limit the rights of a remote user without having to chmod a lot of files. The first way I found was to create a jail shell. This is a pretty cool way to limit a user to a handful of commands and prevent him from leaving his home directory. It works with both SFTP (easy) and SSH (a bit more configuration) and can be applied either to a user or to a group. The user is named "heinzi" in this example:
Changes in /etc/ssh/sshd_config:

Match User heinzi
    ChrootDirectory /home/heinzi
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand /usr/lib/openssh/sftp-server

Match Group users
    ChrootDirectory /home
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand /usr/lib/openssh/sftp-server
Restart ssh:

/etc/init.d/ssh restart

The user should now be limited to his home directory.
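An added example (not part of the original post): a Python check for two things sshd_config(5) requires of Match blocks like the ones above. Every component of the ChrootDirectory path must be root-owned and not writable by group or others, and a ForceCommand other than internal-sftp runs inside the chroot, so its binary and a shell have to exist there. The function names and the sample text are constructed for illustration.

```python
import os
import stat

# Constructed sample: the first Match block from this post.
SAMPLE = """\
Match User heinzi
    ChrootDirectory /home/heinzi
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand /usr/lib/openssh/sftp-server
"""

def parse_match_blocks(text):
    """Return [(criteria, {lowercased keyword: value})], one per Match block."""
    blocks = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            blocks.append((value, {}))
        elif blocks:  # options before the first Match are global; skipped here
            blocks[-1][1][key] = value
    return blocks

def chroot_path_problems(path, stat_fn=os.stat):
    """List path components that are not root-owned or are group/other-writable."""
    problems, current = [], os.path.normpath(path)
    while True:
        st = stat_fn(current)
        if st.st_uid != 0:
            problems.append(f"{current}: not owned by root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{current}: writable by group or others")
        if current == "/":
            return problems
        current = os.path.dirname(current)

def audit(text, stat_fn=os.stat):
    """Return findings for every Match block that sets ChrootDirectory."""
    findings = []
    for criteria, opts in parse_match_blocks(text):
        chroot = opts.get("chrootdirectory", "none")
        if chroot.lower() == "none":
            continue
        if not opts.get("forcecommand", "").startswith("internal-sftp"):
            findings.append(f"[{criteria}] command runs inside {chroot}: "
                            "its binary and a shell must exist there")
        if "%" not in chroot:  # %h / %u tokens need a per-user check
            findings += [f"[{criteria}] {p}"
                         for p in chroot_path_problems(chroot, stat_fn)]
    return findings
```

On the server, pass the contents of /etc/ssh/sshd_config to `audit()`; an empty list means neither condition was hit.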