i login as a normal user without special rights…
then i can connect with f.e. winscp to the home directory of that user and write and read
but i also can go up and read var, srv, bin etc inside root directory but not write
i can go inside other user directories but at
/home/someuser/web than reading is prohibited
thats ok so far
but is it neccessary that scp users can see root directory
with ftp going up is not possible
now i want to answer your question about the usergroup and nologin…
OK found the reason
“hosting package”
for short time i had hosting package default which was the only one i could use until you gave me the hint with thas ns1 ns2
i activated bash login for default
users which i had made with that could login via scp
but: when you remove bash login from already assigned default hosting package then users are not updated
the solution is:
if you set bash login inside hosting package , then users inside are not updated
you have to switch forward backward and then nologin is assigned as you have set inside the hosting package
i do not know if this behavior is intentional but i can live with that now