FTP user can see not only their home directory??

I am trying to create a FTP user under “edit users” panel, I set the home directory to be "website subdirectory: medias/ ". When I test login with this new user, the default folder is medias/, however, it can go up to the “public_html” folder and can even modify its files. This is clearly not right.

How can I set medias/ as this new user’s root folder?

Little tired here so my brain is not at 100% but one thing what comes in my mind is because of group permission, e.g. domain user and subdomain user are part of the same group [permission]. Another thing could be “ProFTPD virtual FTP”. Check if you have this enabled with that virtual server and turn it off (uncheck). Either way you dont need this option aside for anonymous FTP and i’m pretty sure you are not using it. Last but not least, check again what is default directory for subdomain user.

hi, there is function to lock down to users home… you need to enable this in proftpd setting in webmin > proftpd

Just add DefaultRoot ~ or DefaultRoot ~ !adm somewhere near the top in proftpd.conf. Personally i’m using second option but you can test both of them.

Thanks. I am not very comfortable with command lines, but with you guys’ hint, I was able to do it by editting proFTPD server setting in the GUI.