FTP users 'overlapping'

Discussion in 'General' started by Acsilaa, Nov 13, 2022.

  1. Acsilaa

    Acsilaa New Member

    Hello there!
    I have a problem, where ftp users can access and modify (rwx etc, regardless of chmod) ftp folders on different sites, which is... well, not good.
    I have ISPConfig 3.2.8p1, full root privileges etc. I followed the Perfect Debian 10 server tutorial for the setup, which is running on a Raspberry Pi 4.

    The problem in detail:
    (simplified)
    The main domain I use is galeen.hu.
    There are more, but for this I will show only one: eternalc.tk.
    They both have their own ftp users, which work just fine, without an issue.
    (I won't tell the specific usernames ofc)
    mainuser for ftp://galeen.hu
    eternalcuser for ftp://eternalc.tk

    BUT mainuser can access ftp://eternalc.tk with full privilege (shouldn't even log in in the first place) and eternalcuser can access ftp://galeen.hu.
    I've been sitting in front of the monitor bc of this for 2-3 hours now. Please help :b
     
  2. Acsilaa

    Acsilaa New Member

    ChrootEveryone is set to yes, if it matters
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Of course you can access FTP on both hostnames with the same user, but the content of the directories you see will be different depending on the user. So if you create a file "aabb" with the user "mainuser" and then log in with "eternalcuser", you should not see the file "aabb". Do you see the content of the other site?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    And double check that you really logged in with FTP and not SSH. FTP are the protocols FTP and FTPS while SFTP is SSH and provided by the SSH Daemon and not pure-ftpd. Another note, website directories contain folders like /etc, /usr and so on when there is a jailed ssh user or cronjob for that site, so if you see such folders via your FTP user, then this does not mean that the chroot is not working as these folders are not the system-wide folders, they are just limited copies with the same name.
     
  5. Acsilaa

    Acsilaa New Member

    I am logged in thru FTP and not SFTP, and both users can see and modify the whole content of sites, no matter where they log in (content does not change depending on user). The shell user chroots did work just fine when I last checked, although rn the shell users are thrown out of the shell after login, saying that the connection closed. That is not something I want to worry about right now, that is for another time. For now, the FTP is a much bigger problem for me.
     
  6. Acsilaa

    Acsilaa New Member

    Shouldn't the option for the directory override this in the FTP user's options?
    It is set to /var/www/clients/client4/web10 for eternalcuser.
     
    Last edited: Nov 16, 2022
  7. remkoh

    remkoh Active Member

    If FTP users can scroll through all sites then chroot isn't working.
    Chroot would prevent the FTP user from scrolling beyond its own site.
    As Till already stated some folders may make it look like they are displayed although they shouldn't be.
    But that's only when jails are applied and that is proper functioning. It has nothing to do with the functioning of chroot.

    My best guess is that there's something wrong in your FTP server settings.
    I'd suggest to go back to the used tutorial for the installation of the server and double or triple check especially the FTP section.
     

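A way to test the chroot question raised in the thread from the client side, as an added example that is not part of the original posts: a chrooted FTP login normally reports "/" as its directory and cannot move above it, while an unconfined one reports the real path and can list sibling sites. `FakeFTP`, the `web1` directory and the layout are constructed so the check runs offline; only `/var/www/clients/client4/web10` comes from the thread.

```python
import posixpath
from ftplib import error_perm

def chroot_report(ftp):
    """Inspect a logged-in ftplib.FTP-style session (plain FTP/FTPS, never SFTP)."""
    start = ftp.pwd()
    try:
        ftp.cwd("..")
    except error_perm:
        pass  # server refused to go up; the position is unchanged
    parent = ftp.pwd()
    # Names such as etc or usr are not evidence either way (they can be jail
    # copies inside the web root), so the verdict rests on paths only.
    siblings = [] if parent == start else sorted(ftp.nlst())
    ftp.cwd(start)  # restore the session to where it began
    return {"start": start, "parent": parent, "siblings": siblings,
            "chrooted": start == "/" and parent == "/"}

class FakeFTP:
    """Constructed stand-in for ftplib.FTP so the example runs offline."""
    def __init__(self, dirs, home, chroot):
        self.dirs = dirs
        self.root = home if chroot else "/"   # what the session sees as "/"
        self.here = "/" if chroot else home   # directory reported after login
    def pwd(self):
        return self.here
    def cwd(self, path):
        self.here = posixpath.normpath(posixpath.join(self.here, path))
    def nlst(self):
        real = posixpath.normpath(posixpath.join(self.root, self.here.lstrip("/")))
        return [posixpath.basename(d) for d in self.dirs
                if posixpath.dirname(d) == real]

# Constructed layout: web10 is the directory quoted in the thread, web1 is made up.
HOME = "/var/www/clients/client4/web10"
DIRS = {HOME, "/var/www/clients/client4/web1", HOME + "/etc"}

def demo():
    jailed = chroot_report(FakeFTP(DIRS, HOME, chroot=True))
    loose = chroot_report(FakeFTP(DIRS, HOME, chroot=False))
    return jailed, loose

if __name__ == "__main__":
    for report in demo():
        print(report)
```

Against a real server, pass an `ftplib.FTP` (or `FTP_TLS`) object after `login()` instead of `FakeFTP`; a `start` other than "/" or a non-empty `siblings` list means the account is not confined to its site directory.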