Prerequisites
Before restricting FTP access, make sure you have:
- Access to HestiaCP control panel
- At least one domain/web domain added
Why Restrict FTP Access?
Restricting FTP to a single folder (jail/chroot) improves security by preventing users from accessing other directories on your server.
Method 1: Set Directory During FTP Account Creation
Step 1: Log in to HestiaCP
https://YOUR_SERVER_IP:8083Step 2: Navigate to WEB Section
Click on WEB in the top menu bar.
Step 3: Select Domain
Click on the domain you want to create FTP access for.
Step 4: Go to FTP Accounts Tab
Click on FTP Accounts tab.
Step 5: Click "Add FTP Account"
Click + Add FTP Account.
Step 6: Set Directory Path
In the Directory field, enter the specific folder path:
Examples:
/home/admin/web/example.com/public_html/uploads
/home/admin/web/example.com/public_html/wordpress/wp-content
/home/admin/web/subdomain.example.com/public_htmlStep 7: Complete Creation
Set username, password, and click Add.
Method 2: Use FTP User Home Directory Parameter
When creating FTP user via SSH:
/usr/local/hestia/bin/v-add-ftp-user admin user@example.com P@ssw0rd /home/admin/web/example.com/public_html/restricted-folderThe user will be jailed (chrooted) to that directory.
Common Restriction Scenarios
- Developer access: Restrict to specific project folder
- Client access: Restrict to their website folder only
- Upload folder: For external file contributors
- Log access: For monitoring purposes
Verify FTP Restriction
After connecting via FTP, attempt to navigate to parent folders (e.g., ../). Restricted users should see an error or be unable to access outside their directory.
Modify Existing FTP User Directory
/usr/local/hestia/bin/v-change-ftp-user-directory admin user@example.com /home/admin/web/example.com/public_html/new-folder✅ FTP account has been restricted to the specified folder.