Create a chroot jail to fully isolate him from your system..

Alternatively, set proper permissions on the directories and usermod his user to /sbin/nologin. In addition to that, add the methods/functions you wish to disable in PHP.ini via disablefunctions (exec,shellexecpopen,system,showsource,passthru,procopen,phpinfo, etc).

Edit: I missed that you wanted SFTP as well, look into the internal-sftp subsystem of OpenSSH.

I recommend using this method:

http://blog.netgusto.com/solving-web-file-permissions-problem-once-and-for-all/

mount the /var/www/htm/temp directory into his home directory (using the above method), and do not give his user sudo. (if you have not given him sudo yet, he wont have it by default)

that way he can ssh in all he wants but wont be able to do much of anything, but will have fill access to the /temp directory and that directory will be able to use the webserver still.

Why don’t you trust your developer? What prevents him from executing shell commands through your web server?

I just hired him from a job board and I’ve only know him for 5 minutes. I do have an image backup in the worst case. But, is there a secure way to do this?

Thanks Contex, can you recommend a good tutorial on chroot jail?