How to "jail" a ftp user inside its home directory (proftpd)?

I have a user named "ftp3" that belong to group "ftpusers-temp".

The home of that user is home/FTP-shared/temp

In proftpd.conf I have the following 2 directives:

DefaultRoot /home/FTP-shared
DefaultRoot ~ ftpusers-temp

I was expecting that user ftp3 could see only the "temp" directory; but what happens is that the "temp" directory is selected by default upon login, but the user can go back and access the root of the ftp server.

Shouln't user "ftp3" be jailed in "/home/FTP-shared/temp", and unable to access "/home/FTP-shared"?


The DefaultRoot line needs to be at the end of the configuration file.


I believe the problem could be that you have multiple DefaultRoot(s) specified. As the ProFTPd documentation explains:

If two DefaultRoot directives apply to the same user, ProFTPD arbitrarily chooses one (based on how the configuration file was parsed)

You could try commenting out the first DefaultRoot directive and see if that helps to resolve the problem.