FTP Security


wassqes
2003-08-29, 17:47 PM
Hi,
I have a Red Hat 7.3 power server with Ensim WEBppliance Pro.
When I add a domain for my client he gets FTP access, and initially the DIR is home/username/, and this is OK.
My client can go one DIR up to “home/”, where there is only his username; this is OK.
But my client can go up again to “/”, where there are other DIRs and files:
Bin
Dev
Etc
Home
Lib
Sbin
Tmp
Usr
Var

Is this insecure???
And what can I do about this??

Thank You

BigKahuna
2003-08-29, 18:14 PM
Typically, this is a problem with making sure that your FTP server is configured for 'chroot', where the user wouldn't be able to traverse up the directory tree like that.

I actually don't know what the behavior for Ensim WEBppliance Pro is.

Is this problem isolated to a particular server or all installations of Ensim WEBppliance Pro?

knightfoo
2003-08-29, 21:49 PM
I believe Ensim installs ProFTPD by default, so it is fairly easy to configure chroot for the users. You just need to add the following line to the global configuration section of the /etc/proftpd.conf:

DefaultRoot ~

Then restart proftpd:

service proftpd restart

If you get an error such as "nothing known about proftpd" then it is probably running from xinetd and a restart is not necessary.

If by some chance wu-ftpd is installed, you need to change the user's home directory in /etc/passwd and add a "./" at the end of it to chroot them to that directory. For example, if the home directory is "/home/john" it needs to be changed to "/home/john/./". wu-ftpd will chroot the user at the point where the "./" appears.

-knightfoo
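An added audit helper (not from the thread or from Ensim/ProFTPD) that checks the two settings described in the answer above: whether a proftpd.conf sets DefaultRoot in its global section, and which /etc/passwd entries carry the "/./" marker wu-ftpd chroots at. The config and passwd samples are constructed, and the UID >= 500 cut-off for regular users is an assumption based on the Red Hat 7.3 defaults.

```python
import re
# Constructed sample inputs, not taken from the thread.
PROFTPD_CONF_BEFORE = """\
# DefaultRoot ~        (commented out, so it has no effect)
<Anonymous /var/ftp>
  DefaultRoot /var/ftp
</Anonymous>
"""
PROFTPD_CONF_AFTER = PROFTPD_CONF_BEFORE + "DefaultRoot ~\n"
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
john:x:500:500::/home/john:/bin/bash
mary:x:501:501::/home/mary/./:/bin/bash
"""

def proftpd_global_default_root(conf_text):
    """Global DefaultRoot value or None; <Anonymous>/<VirtualHost> blocks are skipped."""
    depth, found = 0, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("</"):
            depth -= 1
        elif line.startswith("<"):
            depth += 1
        else:
            m = re.match(r"DefaultRoot\s+(\S+)", line, re.IGNORECASE)
            if m and depth == 0:
                found = m.group(1)                # last global one wins
    return found

def wuftpd_chroot_point(home_field):
    """wu-ftpd chroots at '/./' in the passwd home: (chroot root, start dir) or None."""
    if "/./" not in home_field:
        return None
    root, inside = home_field.split("/./", 1)
    return (root or "/", "/" + inside.strip("/"))

def unconfined_users(passwd_text, server, proftpd_conf=""):
    """Login names that could still browse '/' over FTP (assumes regular UIDs >= 500)."""
    global_root = proftpd_global_default_root(proftpd_conf)
    exposed = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) < 7 or int(f[2]) < 500:
            continue
        if server == "proftpd" and global_root is None:
            exposed.append(f[0])
        elif server == "wu-ftpd" and wuftpd_chroot_point(f[5]) is None:
            exposed.append(f[0])
    return exposed
```

Run it against a real /etc/proftpd.conf and /etc/passwd by reading those files into the two text arguments; an empty result means every regular user is confined to their home directory.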