When a client create FTP account, he/she can access all directory above such as Code: /etc, /var/, /bin etc etc. They could even transfer some of these files in the restricted directory to their PC. The client try to add a subdomain with a web folder of it's own. So that means he create a new website in website module. He add his subdomain in DNS module adding A records (mysubdomain.myname.com) and MX records. When he create FTP account he can also access other restricted directory. Good thing is he have web folder of it's own and a welcome page meaning that his website is working. Only the problem is with the unauthorized directory access. Screenshot below: Further googling shown that I have similar problem as this person: http://bugtracker.ispconfig.org/index.php?do=details&task_id=3014 I hope somebody here can help me with this. Thanks in advance.
Check your pure-ftpd config and ensure that virtualchroot is enabled in pure-ftpd. A client cant create a ftp user with directory /. Only the administrator (you) can do that on your server.