Great idea, jcwren, ++ for that one and good luck :)

Some security thoughts:

I'm not an ISP myself but I work for the University of Vienna, where we provide webspace (and mailing and much more) for about 40.000+ users. My advice: don't give them mod_perl or PHP. Plain CGI is ok, as long as the scripts run under the user-ID of the script's owner, and not under the Apache user-id, so the chance is minimal that someone messes around in someone elses stuff. Neither mod_perl nor PHP may run as any other user-ID than the webserver's, AFAIK.

Next, propagate ssh and scp over telnet and ftp.

And finally, introduce some kind of resource limit, like quotas and CPU-limits per user, so the pigs don't mess around to much.

Just my 0.02 Euro.