One useful feature would be to enable chroot+sftp force for yunohost users ; this could enable them to connect without the risk of overpass their use cases.
In my server, I as full admin should be the only one to have a shell access, for SoD purposes.
When creating multi custom web app that could be managed by yunohost user, bind webapp to chrootes user’s home for, that enables him to see his webapp only.
When using NextCloud: one could upload/download files through SFTP that would be integrated in the app by a cron job
What are your thoughts about this?