I refer to this discussion from quite some time ago…
whilst in virtualmin filemanager, this problem now seems to have been resolved…i am now looking at my filezilla screen with some trepidation wondering how on earth this can be?
see google drive screen shot here…https://drive.google.com/open?id=1YFaZCTUfKNntPLDQvEVTX9Ai6MirO52Y
and the corresponding virtulmin file manager view here…https://drive.google.com/open?id=1FP0D3EWUfYmuM1leyfd2qrWOCG0iHL6L
This is a brand new Virtualmin instance with default installation settings. I havent configured anything in proftp, This is straight out of the box file permissions.
To add to the discussion mentioned in the forum thread above, shouldmy default virtualmin installation setup by running sh install.sh from command shell on my brand new Vultr VPS allow this?
Is there something that i should have done on the default debian 9 system before running the virtualmin installer?
Also, i did not install as a sudo user. When we create vultr instances with debian access is root user and that is how i installed virtualmin. I did try sudo user install on another one and had major problems after the installation was complete, so i did not attempt that it with sudo user again on this system.
So to recap…
why is “default” virtualmin installation on my debian 9 VPS allowing filezilla sftp user to access the entire server root directory? (virtualmin file manager is not allowing this and works as expected)
I am confused as to what is the point of having SSH? We read all over the web SSH is more secure this is the best method for data transfer. Then i read, SSH is almost impossible to lock down so that users dont get at least visual access to an entire server by running scripts etc!
Virtualmin documentation makes reference to SSH, SCP, and FTP over SSH (SFTP) and yet in the forums it appears we are being told that this actually is a terrible idea and shouldnt be used because it relies entirely on just user permissions in order to prevent users from editing files that are for some ridiculous reason, clearly visible to them…but that they are not the owners of (ie files in the root directory owned by root, and files owned by other virtual servers as well)
So what on earth should i do for my server with shared hosting accounts (virtual servers) on it? Do i just completely shut down the SSH server functionality and force them all to use ftp or ftps/ftpes?
Is there a “Virtualmin official guide” on how to setup ftpes?