How to "jail" a ftp user inside its home directory (proftpd)?

security linux users ftp proftpd

I have a user named "ftp3" that belong to group "ftpusers-temp".

The home of that user is home/FTP-shared/temp

In proftpd.conf I have the following 2 directives:

DefaultRoot /home/FTP-shared
DefaultRoot ~ ftpusers-temp

I was expecting that user ftp3 could see only the "temp" directory; but what happens is that the "temp" directory is selected by default upon login, but the user can go back and access the root of the ftp server.

Shouln't user "ftp3" be jailed in "/home/FTP-shared/temp", and unable to access "/home/FTP-shared"?


The DefaultRoot line needs to be at the end of the configuration file.


I believe the problem could be that you have multiple DefaultRoot(s) specified. As the ProFTPd documentation explains:

If two DefaultRoot directives apply to the same user, ProFTPD arbitrarily chooses one (based on how the configuration file was parsed)

You could try commenting out the first DefaultRoot directive and see if that helps to resolve the problem.

Related

telnet source IP
Spam addressed to a sender but received by everyone else
What exactly is handling hosts.allow and hosts.deny?
Best way to bypass Squid for certain sites?
Apache SSL Installation
Setting up DNS for a LAN without a top-level domain name
Are network and broadcast IPs supposed to respond?
PPTP/GRE Multi-forwarding NAT IPTables Example
Why can't I get Apache2 mod_dumpio working under Lucid Lynx Ubuntu?
How to do the equivalent of rpm -qf in AIX? (Which package does this file belong to?)
How to edit command completion for ssh on bash?
Security concerns about Windows NT 4.0