Hello! I'm having the following problem. If I create a user for my web site, then this user has full access through sftp to the www, home and the root directories on the server. That looks like a huge problem to me. Why should a user be allowed to look at all directories? It is true that you cannot delete something that is not in your folder, but I can download all the files and look at them. Not exactly all files, but most of them. There are some files that I cannot read or download, with chmod 701 or so. What should I do to secure my server? I want all the files on the server to be visible only to the admin, and a user not to see more than his own files.
Since you don't tell us what OS you are using, I can only give you a global answer: ChRoot SSH/SFTP. There is a nice howto on howtoforge.com for Fedora 7 which could help you as an example: http://www.howtoforge.com/chroot_ssh_sftp_fedora7 Another one for CentOS 4.4: http://blog.wanderinglost.ca/?p=9
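An added example, not part of the original posts or the linked howtos: a pre-flight check for an SFTP chroot built with OpenSSH's own `ChrootDirectory` option, which only works if every directory from `/` down to the chroot is owned by root and not writable by group or others. The group name `sftponly`, the `/home/%u` layout and the function names are assumptions for illustration.

```shell
# sshd_config fragment this check is meant for (group "sftponly" is hypothetical):
#   Subsystem sftp internal-sftp
#   Match Group sftponly
#       ChrootDirectory /home/%u
#       ForceCommand internal-sftp
#       AllowTcpForwarding no
#       X11Forwarding no

# dir_ok DIR [UID]: succeed only if DIR is a real directory (not a symlink),
# owned by UID (default 0 = root) and not writable by group or others.
# The body is a subshell, so "exit" ends only the function, not the caller.
dir_ok() (
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || exit 1
    set -f                          # no globbing while splitting ls output
    set -- $(ls -ldn -- "$dir")     # $1 = mode string, $3 = numeric owner
    [ "$3" = "$want_uid" ] || exit 1
    case $1 in
        ?????w*|????????w*) exit 1 ;;   # group-write (col 6) or other-write (col 9)
        d*) exit 0 ;;
        *)  exit 1 ;;                   # symlink or other non-directory
    esac
)

# chroot_path_ok PATH [UID]: apply dir_ok to PATH and every parent up to "/".
# PATH must be absolute and already resolved (no symlinks, no "..").
chroot_path_ok() (
    p=$1
    uid=${2:-0}
    case $p in /*) ;; *) echo "not an absolute path: $p" >&2; exit 1 ;; esac
    while :; do
        dir_ok "$p" "$uid" || { echo "bad ownership or mode: $p" >&2; exit 1; }
        [ "$p" = / ] && exit 0
        p=$(dirname "$p")
    done
)

# Typical use as root, before restarting sshd:
#   chroot_path_ok /home/alice && echo "chroot path acceptable"
```

Because the chroot directory itself must stay root-owned, the user needs a subdirectory inside it that they own for uploads.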