I've got 4 websites on my ISPConfig enabled web server (latest update). I've been able to create shell users such that I can edit files over WinSCP. However, I also saw that when I'm logged in as any client in WinSCP, I can just go up directory and browse and edit all other clients' files. I would like to avoid that from happening. I tried using the jailkit option but that didn't help. Can anyone think of something else that can restrict the access?
Just enable jailkit for the shell users. Then log in again, you will see that you can not access other sites anymore and not the real root system. It might look for you as if you can see the root filesystem as there are folders like /etc and /var, but they are a copy of the root system in the jail.
