One of the most popular FTP-serving packages currently in use on Linux systems is ProFTPD. This popularity is due to its extensible nature and easy Apache-like configuration syntax. While using ProFTPD is pretty simple, you must configure it properly, or you risk exposing vulnerable parts of your system via FTP.
For example, let's say you manage a private FTP site that requires proper credentials and a password for user login. By default, users have the same access to the file system as they would if they had shell access; they can write to files in directories they have write access to, and they can read (or download) files in directories that they have read access to.
UNIX permissions aside, this is not a good thing. In most cases, a person with FTP access doesn't have shell access to a system, and he or she wouldn't be able to read important files, such as configuration files located in /etc. But by providing an FTP account, you may be giving users more information than you may ever want.
However, the solution is simple. ProFTPD allows you to chroot (or "jail") users to a particular directory, including subsequent files and subdirectories--UNIX permissions permitting, of course. To contain users to their respective home directories, use the DefaultRoot keyword in your proftpd.conf configuration file, as shown below:
This chroots users to their home directory (~/). But by chrooting users into their top-level home directory, they could potentially upload files such as ssh keys that they could use to get shell access.
You can elect to chroot them to a subdirectory or another directory altogether. For example, you could use the following:
This chroots users to ~/public_html, which they can use for their Web pages--a much safer place to chroot users.