Ideally I would prefer it if server owners could NOT see their ‘system’ folders and scripts when they log in by FTP to their home directory. (Or at least not have permission to fiddle with them).
In other words, I’d like them to only have write access to their document root and their cgi-bin. Not to their mail files, their Awstats files etc (and I’d prefer it if the cgi-bin could be empty with a new site).
Does that make any sense? Can it be done quite easily? (I’m new to Virtualmin)
May I ask why you’d want to hide those files from the server owner? There’s nothing in there that’d have to be kept secret from him. 
I don’t think VMin has functionality to do what you suggest… You’d have to fiddle manually with the ownership and permissions of the home directory contents. Which is not recommended, as it’d be prone to break a number of things.
What you could do is restrict FTP users to e.g. the public_html directory, causing them to see that as the “root” and not be able to changedir to anything outside that path. You can do that in Limits and Validation -> FTP Directory Restrictions.
May I ask why you’d want to hide those files from the server owner?
There’s nothing in there that’d have to be kept secret from him.
No, no secrecy. Just a case of thinking “need to know” basis is probably more stable. If someone can inadvertently delete or modify a system file, that has the potential to cause frustration and issues down the line.
What you could do is restrict FTP users to e.g. the public_html directory, causing them to
see that as the “root” and not be able to changedir to anything outside that path. You
can do that in Limits and Validation → FTP Directory Restrictions.
Thanks! I’ll take a look.
Okay, if it’s about preventing damage by “playful” server owners, it might be best to lock them in the public_html directory.
Can’t seem to get it to work
I have selected the server, and have set " Virtual server’s home directory". But it seems to have no effect.
(I dunno if that’s because I have changed the default home directory. At the same time, if I try to set the option “other directory”, nothing I enter there gets accepted. eg “httpdocs” (my renamed home directory) gets “Failed to save FTP directory restrictions : Missing or invalid directory in row 1”. Ditto with “/httpdocs”, or even “cgi-bin” or whatever).
Try “~/httpdocs”.
BTW: Don’t mix up “home directory” with “HTML documents directory”.
The “home directory” is the one that contains all the stuff you wish to hide, like the Maildir etc. Your “httpdocs”, or originally “public_html” is not the home directory, that’s why setting the FTP restriction to “home directory” seems to have “no effect”. (In fact, it does have an effect. Without that restriction, FTP users can see the whole file system, or rather the parts they have access to.)
Thanks - the magic ‘~’ allowed me to set that directory.
Only thing is… It seems to make no difference at all! (Have stopped and started FTP server too). In other words FTP access is exactly as it was. 
Okay, take a look at Webmin, section Servers -> ProFTPD server -> Files and Directories. What is listed there in “Limit users to directories”?
What exactly did you try? As which user did you log on and what does the “/” of the FTP server show?
I have two lines for “Limit users to directories” :
~/httpdocs unix groups: test-domain.com
none unix groups: everyone
If I FTP in as test-domain.com I see all the default virtualmin dirs eg awstats, maildir.
I have full read/write on all of these.
Actually, those settings look okay. To make sure the group assignment is correct, you can do groups test-domain.com. It should say then: something like test-domain.com : test-domain.com.
It might help to restart ProFTPD, maybe the config change has not yet been applied correctly.
Are you using Ubuntu? On my system, I got the issue that when Webmin restarts ProFTPD, the start fails cause the stop script returns before the server is actually down. It helps to append a ; sleep 3 to the shutdown command in the Webmin ProFTPD module config.
Thanks for your patience with this.
you can do groups test-domain.com. It should say then: something like
test-domain.com : test-domain.com.
Yes, that’s OK
It might help to restart ProFTPD,
Have tried that
Are you using Ubuntu?
No, CentOS
On my system, I got the issue that when Webmin restarts ProFTPD, the start fails
cause the stop script returns before the server is actually down. It helps to
append a ; sleep 3 to the shutdown command in the Webmin ProFTPD module config.
I have tried stopping, pausing and starting. No good!
I think maybe I need to send in a bug report.
Hmm okay… When you FTP in, and type pwd, what directory name does it tell you? And what does the ls listing show?
It’s possible that there’s an issue with Webmin/ProFTPD/Directory restriction (different config file layout or similar) on CentOS. For me on Ubuntu it works okay the way you have it set up now.
