restricting where pureftp users to web directory

[vmos2]

Good afternoon, I recently built a debian server and put in pureftp with mysql and the pureftp manager front end from solariz.

Now this front end is going to be used by a client to create directories for websites so in the front end they put in /web/www.website.com for the ftp root

and when that user logs in they are chrooted to www.website.com and can't go anywhere, that's all grand

but the problem is that the client can use the front end to put in /u0/ or /etc/ as the ftproot for example.

OK, they won't have write access but for a number of reasons I need to keep them out of there.

I've found out how to specifiy /web as the default directory but I can't find how to leave the client with no other option and ensure they can't get access outside of the /web directory

any ideas?

[falko]

I don't know Pureftpd Manager, but shouldn't only the admin be allowed to specify/change the directories?

[vmos2]

well yes, but that's the problem. The client needs to have access to create ftp accounts (there's also a front end for them to add vhosts) so they look after the web end but at the same time I need to keep them out of the rest of the server.
They only have access to the /web directory but they could potentially use this to get read access to the rest of the server (I know this because I've tried it)