How do I keep FTP users from traversing up from their home directories?

Question:

How do I keep ftp users from traversing up from their home directories?

Answer:

A directive must be inserted into the proftpd.conf file to restrict ftp users to their home directory.

Software:

ProFTP

Detail:

By default, ftp users are able to traverse ('cd') above their home directory, so they can go into almost any directory on the server. To restrict an ftp user to a certain directory, use the ftp directive 'DefaultRoot', which tells the ftp daemon, proftpd, that this user is not allowed to go above that directory.

Solution:

NOTE: Currently, you must make this change as the user root. Root access is available only on the Freedom 400x and the Freedom 500x.

To restrict an ftp user to a certain directory, edit the proftpd configuration file, which is located at /usr/local/etc/proftpd.conf. The syntax for the DefaultRoot directive is:

DefaultRoot DIRECTORY USER(S)

It is safe to make DefaultRoot entries at the bottom of the proftpd.conf file.

Example 1: To restrict the user 'testuser' to their home directory, you would make the following addition to the proftpd.conf file:

DefaultRoot ~ testuser

The ~ represents the home directory of any user, so this would restrict the user testuser to their home directory when in FTP.

Example 2: To restrict the user testuser to a vhost directory, the following entry could be made:

DefaultRoot /usr/local/www/vhosts/domain.com/ testuser

IMPORTANT NOTE: Because FTP is run through inetd, inetd must be restarted before the changes made to the proftpd.conf file will take effect. The command to restart inetd is: inetctl restart
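
One way to check the file after editing it, as an added example that is not part of the original article: the script reads a proftpd.conf and reports, for each FTP account, which DefaultRoot entry confines it, or that none does. The function names, the sample file and the account 'webuser' are hypothetical. Names are matched literally against the trailing field as the article uses it (ProFTPD's own documentation describes that field as a group expression), an entry with no name is assumed to apply to every login, and the first matching entry is assumed to win.

```shell
#!/bin/sh
# Added example (not from the original article).
# defaultroot_for CONF USER: print the directory of the first DefaultRoot
# entry that covers USER; return 1 if no entry does.
defaultroot_for() {
    awk -v user="$2" '
        { sub(/#.*/, "") }                     # strip comments
        $1 == "DefaultRoot" && NF >= 2 {
            # Assumption: an entry with no name applies to every login.
            if (NF == 2) { dir = $2; hit = 1; exit }
            # Exact match only; anything else is left for a person to review.
            for (i = 3; i <= NF; i++)
                if ($i == user) { dir = $2; hit = 1; exit }
        }
        END { if (hit) print dir; else exit 1 }
    ' "$1"
}

# audit CONF USER...: one line per user; returns 1 if any user is unconfined.
audit() {
    conf=$1; shift; rc=0
    for u in "$@"; do
        if d=$(defaultroot_for "$conf" "$u"); then
            echo "$u confined to $d"
        else
            echo "$u NOT confined"; rc=1
        fi
    done
    return $rc
}

# Constructed sample configuration mirroring the two examples above.
sample_conf() {
    cat <<'EOF'
# proftpd.conf excerpt (constructed sample)
DefaultRoot ~ testuser
DefaultRoot /usr/local/www/vhosts/domain.com/ webuser   # hypothetical account
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit "$tmp" testuser webuser otheruser || true   # otheruser has no entry
rm -f "$tmp"
```

Run against the real file, audit /usr/local/etc/proftpd.conf followed by the account names returns non-zero when any listed account can still leave its directory.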