What is the best way to selectively grant and revoke access to FTP directories that are outside of the users home directory?

What is the best way to selectively grant and revoke access to FTP
directories that are outside of the users home directory?

I am the sysadmin for a public facing Debian server. This server primarily
serves websites from a custom built CMS. We have many contractors who are
preparing themes for these websites which are served from another server
where they have FTP access (this is a convenience while the themes are
under development). The themes are comprised of a CSS file plus supporting
fonts/images. The contractors do not currently have direct access to the
server that hosts the website (and is the ultimate resting place for the
themes). This has been a deliberate security decision but I'm looking at
opening that up now as it is preventing them from making changes to markup
which is the source of much frustration.
The way the system works is that each website has it's own "filestore"
directory which is where the theme and any custom code for the website
(MVC type structure) is based. The CMS application lives in /apps/appname
and the filestore directory lives on the same filesystem in
/apps/filestore. Each website has an ID and it's files are stored in
/apps/filestore/1234 for example.
I have recently installed proftpd to see whether I can configure it as
required and so far so good. I have specified that users (actual users on
the machine) are locked to their home directories which prevents them from
escaping and exploring the filesystem, however I still want to selectively
grant and revoke their access to the filestore directories which are
outside of their home directories. In my case giving them access to the
entire server and limiting their access via user and group permissions
isn't really an option.
For example, if bob needs to work on /apps/filestore/1234 I have
discovered that I can mount that directory from bob's home directory as
follows:
root@server:/home/bob# mkdir -p filestore/1234
root@server:/home/bob# mount --bind /apps/filestore/1234
/home/bob/filestore/1234
Then bob can log into his FTP account, go into filestore/1234 and access
the files as required. I can then remove his access by umounting the
directory later. This appears to work just nicely. It will be a small
sysadmin pain to have to do the mounting by hand all the time so I need to
automate the mounting / unmounting a little better, but is this the right
want to do it?
Thanks for your comments!
- Bob -