Just a certain service.

edit the packages in the WHM > Features Manager and disable all the features which you do not like to have your end user see

 

I believe this is not something that's supported by Cpanel. You will have the FTP access once your account has been setup on the server.

 

I believe that a main account's FTP login details are stored in /etc/proftpd/username and each virtual FTP user's login details are stored in /etc/proftpd/passwd.vhosts

Clearing the password hash for the relevant user will prevent FTP access as authentication will always fail, however the FTP password for the main account (/etc/proftpd/username) will probably be recreated when the user's cPanel password is reset.

To prevent users from choosing really bad account passwords I don't allow users to reset passwords and handle all password resets myself. Its a bit of a hassle but a worthwhile security measure.

If you also don't allow cPanel users to reset their passwords you've have some control over their FTP password too.

 

Not 'as is'.

However /scripts/wwwacct has the provision of running /scripts/postwwwacct and /scripts/postwwwacctuser, if they exist, so that general and user-specific actions can be performed once an account has been created.

You'd have to create /scripts/postwwwacct or /scripts/postwwwacctuser yourself and script them to your requirements.