I have to be honest here, and admit that I didn't realize FOSS meant Free Open Source Software. While I appreciate your allowing that I am doing something fairly clever, it's not so complicated in this case. When setting up the subdomain, I created a new user account, so there is little risk of anyone gaining access to the account I use to manage my base domain, or any other subdomains. After a little consideration, there is something relevant to add too. The Joomla installation on that setup is a sandbox, so there is no risk of any real repercussions.
All that's on the subdomain I'm talking about is a stylesheet, a few PHP pages, and a number of discrete folders named after the various artists containing their audio files. The users aren't technophobes, but they're not trying to set up IRC daemons either. I know the users through an online community, and they contact me first if they want to host something. Basically I keep the login moderately quiet, and provide it to them after creating a new folder. They upload their mixes, and PHP pages allow visitors to traverse this directory structure, which exists in a folder called "music".
I coded the pages so that only directories (parent/children), and specific filetypes are displayed on the index pages. These mixes are usually 0.75-1.5 hours long, so a new one only comes along maybe a couple times a week and new artists only look to get hosted maybe once a month or less. Because of this I don't mind doing all the directory maintenance manually, I just don't want to give everyone full access anymore. All files are uploaded through ftp since they're typically 60-100+MB each.
I've seen ftp servers with upload drop folders before, so no one can see what else is in there. I'm thinking about just keeping the current username with a new password, and setting up some non-web-accessible location with only write permissions on it that is associated with a new user account. I'll take care of moving all the files once they're uploaded. Anything special I need to be concerned with? Also, will the ftp server support resuming in a case like this? I suppose granting read permissions isn't a big deal either, because the mixes are either intact or they're nonexistent.
To sum up --Sorry for always being so verbose!-- we're talking about something like 20 invited artists so far. It's a labor of love for music too, I'm not looking to offer this to anyone other than a circle of friends. Would it be advisable to create an entirely new upload destination, or could I integrate this within a folder on my site? Thanks for reading this far down.