FTP permisions and ftp clients

Hi virtualmin community!

I manage to setup more virtual servers on my centos 5.4.
To upload web content I use filezila, using sftp connection.
I notice something very strange: using virtual server username blabla and passwd blabla I can’t enter in /home/other virtual server directory for example /home/abc.net, this is a normal behavor, but i can navigate trough all content of the server: /etc /root /bin.

There is something wrong with my FTP Directory Restrictions setup?!

Apply to server and sub-servers : All virtual servers
Restrict to directory: Users’ home directories

Apply to server and sub-servers : Only server: blabla
Restrict to directory: Virtual server’s home directory

Apply to server and sub-servers : Only server: abc.net
Restrict to directory: Virtual server’s home directory

Howdy,

The setup for SSH and SFTP is different than that of plain old FTP.

FTP has a mechanism for locking users in their home directories; SSH and SFTP do not.

Users are, however, limited to viewing files that filesystem permissions allow.

That is, even though they can enter /etc, the Linux permissions prevent them from seeing anything they shouldn’t. If that’s not the case, you may need to review the permissions

Also, remember that if they were to upload a PHP script, that PHP script would have permissions to do the same thing. That is, filesystem permissions would allow them to view certain files in /etc using a PHP app.

-Eric