I've been wondering, wouldn't it be better to ditch FTP altogether and use sFTP only? A while ago Falko did write a howto on howto chroot ssh users to certain dirs and restrict access to sFTP only: https://www.howtoforge.com/restrict...s-setting-up-chrooted-ssh-sftp-debian-squeeze
FTP is a widely used service and the pure-ftpd configuration has TLS enabled, so it's secure as well. So why remove it? SFTP is SSH, unlike pure-ftpd it does not support virtual users, so you need an additional Linux user for each account in /etc/passwd.
