To do that, log into Virtualmin, go into Limits and Validation -> FTP Directory Restrictions, and set up an FTP restriction that restricts users to their home directories.
Yeah, a user would be able to see all files, directories, and subdirectories within their home dir. They can’t browse “above” their home directory though.
I have tried it with the FTP protocol, which won't work. No way to connect. With SFTP it works, and the connected Server Admin can browse higher, outside his own virtual host directory under /home/domain/.
Now I try #root@server: yum reinstall proftpd with your repo. -> no changes!
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable
Umask 022
# Allow users to overwrite files and change permissions
AllowOverwrite yes
AllowAll
DefaultRoot ~
# A basic anonymous configuration, with an upload directory
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
User ftp
Group ftp
AccessGrantMsg "Anonymous login ok, restrictions apply."
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10 "Sorry, max %m users -- try again later"
# Put the user into /pub right after login
#DefaultChdir /pub
# We want 'welcome.msg' displayed at login, '.message' displayed in
# each newly chdired directory and tell users to read README* files.
DisplayLogin /welcome.msg
DisplayChdir .message
DisplayReadme README*
# Cosmetic option to make all files appear to be owned by user "ftp"
DirFakeUser on ftp
DirFakeGroup on ftp
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE SITE_CHMOD>
DenyAll
</Limit>
# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory uploads/*>
AllowOverwrite no
<Limit READ>
DenyAll
</Limit>
<Limit STOR>
AllowAll
</Limit>
</Directory>
# Don't write anonymous accesses to the system wtmp file (good idea!)
WtmpLog off
# Logging for the anonymous transfers
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth
opaque, you wrote: “I have tried it with ftp protocol which won't work. No way to connect.”
What exactly did you mean by that? Have you been doing all the tests with SFTP (which is basically file management over SSH)? There it is normal behavior that users can browse the whole file system (but are restricted by Linux file system permissions). There is no (feasible) way of changing that, except for some serious SSH hacks which I’m sure you won’t want to do.
How are you trying to connect with FTP? What error do you get? Can you telnet to the server on port 21? Is ProFTPD running? Is it listening on 0.0.0.0:21? Is a firewall blocking the port? Is the server behind a router or even a NAT (in which case you need to make some special configuration in ProFTPD)?
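The first questions in the reply above (does anything answer on port 21, and is it really an FTP daemon rather than the SSH server that handles SFTP), written out as an added Python example that is not part of the original thread. The function name `probe_ftp` and its status labels are assumptions of this example.

```python
import socket
import sys

def probe_ftp(host, port=21, timeout=5.0):
    """Connect to an FTP control port and classify the result as (status, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The host answered with a reset: no daemon is bound to this address/port.
        return ("refused", "nothing listening: is ProFTPD running and bound to this address?")
    except socket.timeout:
        # Packets are silently dropped: typical of a firewall or a missing NAT forward.
        return ("timeout", "no reply: check firewall rules and router/NAT port forwarding")
    except OSError as exc:
        return ("error", str(exc))

    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(512).decode("latin-1", "replace").strip()
        except OSError:
            banner = ""

    if banner.startswith("220"):
        # 220 is the FTP "service ready" greeting, so the control channel works.
        return ("ftp-ready", banner)
    if banner.startswith("SSH-"):
        # An SSH server answered; SFTP sessions are served here, not by the FTP listener.
        return ("ssh", banner)
    if not banner:
        return ("no-banner", "connected, but the server sent no greeting")
    return ("unexpected", banner)

if __name__ == "__main__":
    # Usage: python probe_ftp.py <host> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
    print(probe_ftp(target, target_port))
```

Probing port 21 and port 22 in turn shows which daemon a client is actually talking to, which matters here because `DefaultRoot` is a ProFTPD directive.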