Scott Greczkows

Well-Known Member
Feb 5, 2004
65
1
158
When some one logs into the server via ftp using their same username and password they use for their cpanel account, they get put into their home dir, ie /home/user Well, if they click on the .. they move up into /home and if they do it again they move into root!!

(Note they do not see any other users files in /home other then their own... but again hitting .. takes them to the Home Directory where they can see the directories such as bin, dev, etc, lib, lib64, opt, proc, sbin, tmp, usr, and var plus all the files in those directories and they can download from any of those directories.

How do I keep them from going outside of their Home Directory?

We are using Pure-FTPD.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,894
463
438
Finland
cPanel Access Level
Root Administrator
It shouldn't work like that.

If you have root access check that in file /etc/pure-ftpd.conf
you have line:
ChrootEveryone yes
 

Scott Greczkows

Well-Known Member
Feb 5, 2004
65
1
158
Ahh it's not FTP thats doing it...

Its SFTP thats doing it. If I login using regular FTP is works like its supposed to... so now I got to figure out why SFTP is the one doing this.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
Hello :)

SFTP uses a shell environment and access is only granted to the cPanel account username. With SFTP, users can browse to higher level directories. However, they are not able to modify or view the contents of any files they do not have access to. The ability to traverse outside of ~ is an artifact of using a *nix file system.

Thank you.