FTP users have access to others' folders

Discussion in 'General' started by nsansari, Mar 15, 2009.

  1. nsansari

    nsansari New Member

    So I've been using ISPConfig for about two years I think. Version is 2.2.18 running on Ubuntu. I installed this and played around with it at the time I installed it and since then I've never touched it. It's been running fine, sitting in the background doing its job quietly.

    However, recently a new user complained that he could not get ftp access, so I had a look and strangely enough found out that yes, he can get to ftp, but not just his site: he can actually browse the whole server with his user account. So I've tested other users on the system and it seems like it is the same for every user I have on the system.

    When the user logs on the first time he goes to his respective web, but if he goes up levels then he can see other folders as well. I'm not even sure where to start looking, as it's been such a long time since I installed this system.

    Can someone help at all, or point me in the right direction?

    Thanks in advance.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You have to enable the ftp chrooting as described in the perfect setup guide. Add the line:

    DefaultRoot ~

    to the proftpd.conf file and restart proftpd.
     
  3. nsansari

    nsansari New Member

    wow, didn't expect a reply so quick. :)

    that line is already there

    # Use this to jail all users in their homes
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server Ready."
    # Users require a valid shell listed in /etc/shells to login.
    # Use this directive to release that constrain.
    # RequireValidShell off

    # Port 21 is the standard FTP port.
    Port 21


    Any other thoughts??
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you either run a different ftp server and not proftpd or your users accessed the server e.g. by ssh or sftp and not ftp.
     
  5. nsansari

    nsansari New Member

    my apologies,

    I have used WinSCP to check this and realised I was using the sftp option to connect, and that is what gives the user all access.

    However, now changing that to ftp, the user only has access to their folder.

    But surely that can't be right, that using sftp they can have complete access??

    Thanks for your help
     
  6. nsansari

    nsansari New Member

    Ahh, power of Google,

    if I block port 22, that would do the job?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not necessary, just do not enable the shell / ssh option in the website settings.
     
  8. nsansari

    nsansari New Member

    thank you very much Till, much appreciated.
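
Added example, not part of the original thread: a small audit of the situation discussed above, checking that proftpd.conf has an active DefaultRoot line and listing web accounts that still have a working login shell, since those can connect over SSH/SFTP where the FTP jail does not apply. The /var/www/ home prefix, the sample account names and the idea that accounts without the shell option carry a no-login shell such as /bin/false are assumptions.

```shell
#!/bin/sh
# Added audit sketch: proftpd's DefaultRoot only confines FTP sessions.
# An account with a working login shell can also connect over SSH/SFTP,
# where that jail does not apply.

# Succeeds if the config file has an active (uncommented) DefaultRoot line.
ftp_chroot_enabled() {
    grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+[^[:space:]]' "$1"
}

# Prints "user shell" for accounts in a passwd-format file whose home is
# under HOME_PREFIX and whose shell is not a no-login shell.
# Usage: shell_capable_users PASSWD_FILE HOME_PREFIX
shell_capable_users() {
    awk -F: -v prefix="$2" '
        index($6, prefix) == 1 {
            shell = $7
            if (shell == "") shell = "/bin/sh"   # empty field means /bin/sh
            if (shell !~ /\/(false|nologin)$/) print $1 " " shell
        }' "$1"
}

# Demo on constructed sample files (not real accounts).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
web1_alice:x:10001:10001::/var/www/web1:/bin/bash
web2_bob:x:10002:10002::/var/www/web2:/bin/false
web3_carol:x:10003:10003::/var/www/web3:/usr/sbin/nologin
EOF
    cat > "$tmp/proftpd.conf" <<'EOF'
# Use this to jail all users in their homes
DefaultRoot ~
Port 21
EOF
    ftp_chroot_enabled "$tmp/proftpd.conf" && echo "FTP chroot: on"
    echo "Accounts that can bypass it over SSH/SFTP:"
    shell_capable_users "$tmp/passwd" /var/www/
    rm -rf "$tmp"
}

demo
```

On a live server the same functions can be pointed at /etc/passwd and the real proftpd.conf path; any account listed is one whose shell / ssh option should be reviewed.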
     