Restricting directory visibility for pure ftpd

azirus

Registered
Sep 22, 2010
4
0
51
Hy,

i have problem with pure ftpd, my users can view my root directory.

how to restrict directory visibility for my users, to view only own /home directory.

Thanks
 

JaredR.

Well-Known Member
Feb 25, 2010
1,834
24
143
Houston, TX
cPanel Access Level
Root Administrator
By default, this should not be allowed. Each FTP user should be "caged" in his own home directory. What is the value of the following directive in /etc/pure-ftpd.conf on your server?

Code:
# Cage in every user in his home directory

ChrootEveryone yes
If this is on, each cPanel account user should only be able to traverse that account's home directory when logged in via FTP.
 

azirus

Registered
Sep 22, 2010
4
0
51
This is configuration in mu etc/pure-ftpd.conf file:

# Cage in every user in his home directory

ChrootEveryone yes

every user can view my root files , but can`t edit them.
 

JaredR.

Well-Known Member
Feb 25, 2010
1,834
24
143
Houston, TX
cPanel Access Level
Root Administrator
Please submit a ticket

This should not be happening in a default cPanel configuration of Pure-FTPd. Please submit a ticket so that we may investigate this directly, because what you describe is an unusual situation and should not be happening.
 

zerpex

Member
Oct 17, 2011
18
0
51
cPanel Access Level
Root Administrator
I'm facing same problem, ChrootEveryone yes is set in the pure-ftpd.conf file in the etc folder.. I've been trying to find a solution the last few weeks, then I found this.. with no solution..

I'll make a ticket.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Please post the ticket number upon submitting one so we can ensure the solution is posted to this thread this time for future reference.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
I am having same problem with pure-ftpd

# Cage in every user in his home directory
ChrootEveryone yes

Any way out of this.
Are you sure the user is able to view directories outside of their own home directory? For example, what files can they access? Also, are you positive they are using FTP and not SFTP?

Thank you.
 

rhamie

Member
May 29, 2013
6
0
1
cPanel Access Level
Root Administrator
Thanks for the prompt response.
They are actually using SFTP with Filezilla and yes I am sure they are.
/etc (with other root folders) and infact able to download but not upload.

What do you say i do?
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
This is normal behavior for SFTP. SFTP uses a shell environment and access is only granted to the cPanel account username. Access to SFTP is not granted to virtual FTP accounts that are created via the "FTP Accounts" option within cPanel. With SFTP, users can browse to higher level directories. However, they are not able to modify or view the contents of any files they do not have access to. This is similar to how jailshell works for SSH access. If you prefer to disable SFTP for the entire server, you can modify the following file:

Code:
# /etc/ssh/sshd_config
Within this file, comment out the following line:

Code:
Subsystem sftp /usr/libexec/openssh/sftp-server
Once you save the file, you can restart SSH to ensure the change takes effect.

Code:
# service sshd restart
Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
It's standard to keep SFTP enabled, and the behavior you see is normal and is comparable to jailshell access for SSH.

Thank you.