When creating a virtual host, the FTP server was enabled (port 21), if you log in using the credentials of SFTP (port 22) virtualhost, you can see the entire server tree !
Can you address this security vulnerability in your installation script?
(Translation with Google)
You may want to review the section of the documentation here titled “How can I prevent FTP Users from Browsing the Entire Filesystem?”:
Yes, I know that and I always does but if you put port 22 to port 21 pace, you have access to the whole server
In Webmin, System, Users & groups, /bin/false
sudo nano /etc/proftpd/proftpd.conf
JAIL THE USER IN HOME DIR
Remove the # from in front of the DefaultRoot parameter to uncomment it:
I always do, despite that one can visualize the whole server