need help with file server

I am looking to set up a file server for the company I work for, running Ubuntu Server, 10.04 LTS 64 bit. The requirements are as follows. Users must be able to drag and drop files to and from server, from their Windows based laptops, via gui. Access must be available locally and through the internet. Users must only have access to sftp. Users must not be able to access the command line, or any other service or protocol. User access must be easily configurable to only a few predefined directories. Users must not be able to roam around important system files and directories, even within their own home directory. Solution must be free and open source.

Based on the information that I have gathered so far, VanDyke's VShell Server, and client software, SecureCRT or SecureFX, APPEAR to be the best solution for us. They support the requirements that we are looking for, however, their software is not free. A license must be purchased annually. We want to steer away from licensing fees, and instead, embrace free open source software.

OpenSSH, available through the Ubuntu repositories, seems to lack some features that we are looking for. For one, operating system file level security is required. This would make restricting user access to only a few directories a cumbersome process, since the software itself doesn't have the capability to restrict directory access like VShell does, directory access would have to be predefined through the os file permissions. Secondly, access cannot be limited to sftp only. Users will have access to the command line, and this is something that we want to prevent. Please feel free to correct me about my assumptions in respect to OpenSSH as I am a new to Ubuntu. We are looking for a free open source solution that meets our requirements. Any input would be greatly appreciated.

thanks in advance
rj