As you offer shell user hosting, then this makes sense indeed. I havent thought about that option.
Perhaps offer it on a special server configuration security level?
That might be a good place to implement it. Basically we could do a setting on a per website basis as well as you suggested in the first post, this would be more flexible on one side but on the other side, it would be more likely that a user changes this setting for a exsiting web and I guess it would be a real mess if we have a website with e.g. 10 jailed shell user where someone switches this setting and we have to find a way to migrate the security system then. Maybe it is even nescessary to block this setting after a web is created, what do you think?