FTP chroot -- while Using WHM without CPanel accounts for a single website...


Mar 10, 2010
I have a small software company. I recently moved my website to a VPS server at asmallorange.com. They use CPanel/WHM exclusively. I have spent the last few days rebuilding support for PHP 5 and Apache 2.2, installing all of the databases, stored procedures, and site files, and getting all of the server settings just right. I did all of this using only WHM and shell access. In other words, I did not set up any CPanel accounts. One of the first support agents I talked to at asmallorange.com suggested everything I needed could be done using only WHM and sure enough that turned out to be true... and simpler.

The last missing piece of the setup is FTP user accounts for my beta testing team. They log in to grab new software builds as they become available for testing. On the original server setup (before the move to A.S.O.), each tester was chroot'ed into his/her unique ftp home folder, so that they -- or anyone else who sneaks in under one of their usernames -- couldn't see anything outside of that folder. It worked nicely, but was done using a completely different mechanism in the other host's control panel (not CPanel/WHM).

When trying to set this up today in WHM/shell, nothing I tried worked... I tried the "/./" trick, tried both pure-ftp and proftp, and tried adding -A and --chrooteveryone to the launch flags of pure-ftp. Nothing has worked so far. The jailshell checkbox under "Tweaks" in WHM doesn't do anything and has been checked this whole time (I think this only applies to CPanel accounts, of which I have none).

When I contacted support again a few minutes ago, the guy -- a different one this time -- said that I cannot run a web server with just WHM and no CPanel accounts. I don't see why not. Everything else I have needed to do has been done already and is working great, and ALL of it was done in WHM/shell.

So, instead of debating him, I thought I'd ask in here... how do I get chroot working for SFTP logins... while still running a WHM-only setup?

Note that when I say I tried -A and --chrooteveryone, I'm not sure that I figured out exactly the right place to squeeze them in. CPanel, as you know, has all kinds of wrappers around the typical config files and launch mechanisms of all of the services it supports. The same is true of pure-ftp. The closest I got was /scripts/restartsrv_ftpserver...

After this line...

( $processowner, $service, $iscript, $manualstart, $servicebin, $serviceflags, $disabled ) = servicefixup( $system, $service );

I tried adding --chrooteveryone to the $serviceflags variable, before it's actually used:

$serviceflags = $serviceflags . " --chrooteveryone";

When I print this out just afterwards, I can see the printed output inside WHM when I restart the FTP service in its UI:

print "serviceflags = $serviceflags\n";

When I restart ftp inside WHM, I can see:

serviceflags = --chrooteveryone

... but that doesn't help.

Maybe it needs to be an array instead of a string or something like that.

Or maybe "$serviceflags" is some other set of flags. It's hard to tell since CPanel adds 100 levels of abstraction away from the core startup mechanism.

There is also a pure-ftp config file, but it appears as though it's not being used.

Anyone know how I can get this working?
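
A behavioural check for the per-tester confinement described in the post above, added here as an example (it is not part of the original thread and is not cPanel or Pure-FTPd code). It logs in, walks up with `CWD ..` until the path stops changing, and treats the login as jailed when the top directory does not look like the server's real root. The function names, the `SYSTEM_DIRS` heuristic, `FakeSession` and the sample trees are assumptions made for the example.

```python
from ftplib import FTP, error_perm
import posixpath

SYSTEM_DIRS = {"etc", "usr", "var", "proc", "boot"}  # seen only at the real filesystem root

def climb_to_top(ftp, max_steps=32):
    """Send CWD .. until PWD stops changing; return the highest reachable path."""
    current = ftp.pwd()
    for _ in range(max_steps):
        try:
            ftp.cwd("..")
        except error_perm:          # server refuses to go higher
            break
        parent = ftp.pwd()
        if parent == current:
            break
        current = parent
    return current

def session_is_jailed(ftp):
    """True when the top directory this login can reach shows fewer than two system dirs."""
    climb_to_top(ftp)
    try:
        names = ftp.nlst()
    except error_perm:              # some servers answer 550 for an empty directory
        names = []
    visible = {posixpath.basename(n.rstrip("/")) for n in names}
    return len(visible & SYSTEM_DIRS) < 2

def audit_accounts(host, accounts, timeout=10):   # accounts: (user, password) pairs
    results = {}
    for user, password in accounts:
        with FTP(host, timeout=timeout) as ftp:
            ftp.login(user, password)
            results[user] = session_is_jailed(ftp)
    return results

class FakeSession:   # constructed stand-in for a logged-in ftplib.FTP, for offline runs
    def __init__(self, tree, start):
        self.tree, self.path = tree, start      # tree: {directory: [entry names]}
    def pwd(self): return self.path
    def cwd(self, name):
        target = posixpath.normpath(posixpath.join(self.path, name))
        if target not in self.tree:
            raise error_perm("550 No such directory")
        self.path = target
    def nlst(self): return list(self.tree[self.path])

JAIL_TREE = {"/": ["build.zip"]}   # constructed: what a confined tester sees
OPEN_TREE = {"/": ["etc", "home", "usr", "var"], "/home": ["tester1"], "/home/tester1": []}
```

Against a live server, call `audit_accounts(host, [(user, password), ...])` with the testers' own credentials; any account mapped to `False` can browse outside its home folder.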




cPanel Quality Assurance Analyst
Staff member
[...] I did not setup any CPanel accounts. [...]

Anyone know how I can get this working?
It will be much easier to manage, configure, and tweak aspects of available features and services after creating a cPanel user account. Please note that the cPanel login username is the same as the local system user (that is provisioned when creating a cPanel account via WHM). When a cPanel account is created you can then log in as that user and set up add-on FTP accounts (via cPanel) that may have their own unique directories or share with others if desired. When creating add-on FTP accounts you will be able to specify the precise directory path that the new FTP user will have access to, relative to the cPanel user's home directory.

To properly set up and maintain ease of use you should create at least one cPanel user account via WHM at the following menu path (with linked documentation):
WHM: Main >> Account Functions >> Create a New Account

In combination with the new cPanel account, I recommend creating at least one package defining the disk quota, bandwidth limit, and other features such as the maximum number of add-on FTP accounts; this may be performed either at the same time during account creation (via root WHM access) or via the following menu path in WHM (via either root or reseller WHM access):
WHM: Main >> Packages

Once there is a cPanel account set up, then you may proceed to set up individual add-on FTP accounts via the following cPanel menu path:
cPanel: Main >> Files >> FTP Accounts

After the cPanel account is fully set up then any existing data that was uploaded previously may be relocated into an appropriate place within the new cPanel user's home directory or document root (e.g., "~/public_html/"). When moving data, assuming via root SSH access, please be sure to correct file and directory ownerships so that the user and group match the cPanel user account; the command-line utility "chown" may be used for this purpose.

Please also be aware that add-on FTP accounts will have an FTP login username that is appended by "@" followed by the primary domain name of the cPanel account, for example, in a format such as "user@domain.tld" (where "domain.tld" represents the cPanel account's primary domain name); to further clarify, please note that while it may resemble an e-mail address, add-on FTP accounts are unrelated to and do not affect e-mail configurations (i.e., it does not set up an e-mail account or e-mail forwarder of the same name nor would it conflict with existing e-mail configurations).