yes, Alex is right. use SFTP to avoid any risk to your web server.
create a user: adduser username
and it is better to create a group so that group can be given certain permissions and access to folders.
Then choose what folders and permissions you want to give to each user...
use some software like filezilla to test that.
And remember to use SSH key access instead of login access