'Jailed' sftp user setup with Webmin?

I know enough Linux sysadmin to be dangerous but not enough to be reliably safe. :(

I have a new 16.04 VPS and have just installed webmin. I would like to setup a sftp user, william, via webmin who is allowed to write under /home/websitename/htdocs/ via SFTP and not cause problems with apache reading the files, which are all right now owned by www-data:www-data. Basically, they are designers and content folks, and this is a Joomla site. This should coexist with my developers having ssh access.

I don't want william to write elsewhere, and it would probably be good to prevent them viewing elsewhere. I've seen that Joe Cooper discourages using chroot to limit access (https://www.virtualmin.com/comment/706702#comment-706702), which I'm not sure I could do properly for my use case anyway as recipes like https://www.thegeekstuff.com/2012/03/chroot-sftp-setup/ generally focus on user directories and don't address working with apache readable files.

I think what I should do is:

1. Navigate to System > Users and Groups
2. click to Create a new user
3. Leave most options at default, eg Primary Group set to Existing group users, except as follows
4. Set Shell to /usr/sbin/nologin
5. Set Secondary groups so www-data is In groups, though maybe not
6. Set Create user in other modules to No as I don't want them to get email account etc
7. Navigate to Servers > SSH Server
8. Setup Access Control somehow :(

Questions:

1. What groups should william be put in?
2. What should the owner:group be for joomla files?
3. What groups should the developers who shell in and need to modify files under /home/websitename/htdocs/ be put in?
4. In SSH Server Access Control, it currently has All for Only allow user, Only allow members of groups, Deny Users and Deny members of groups. What should I change here?