While the web shop won't have accounts for customers (at least at first, I'm willing to reconsider if people really want that), it looks like I do want to have a login/accounts for staff because otherwise I need to give a bunch of people on staff ssh access to the server (nobody wants that) or I need to leave the back end stuff needed for order processing open to the public (which is relatively safe for the level of access I'm exposing but still seems like a bad idea).