If you have questions about using mojoPortal, you can post them here.
You may want to first review our site administration documentation to see if your question is answered there.
Maybe I'm missing something here but how can I allow users to upload via the shared files module but not expose the settings?
You can give edit permissions on the shared files module to a particular role, allowing those users to upload files, then you can add that role to "Roles NOT allowed to edit feature instance settings" (Administration > Permissions).
Perfect, many thanks.