I am working on hardening security. To my "dismay" today I logged in as user "himalayan" via sftp and discovered that i could "see" all the way to root and also read files....owned by root (because of course permission were for those files were "rw--r--r--"
But, in the FTP Restrictions panel I have set all the virtual servers to
active (check) | with the domain/virtual domain chosen | (__ All Except Server) is unchecked | and radio set to "Virtual server's home directory"
should this not restrict this user from seeing files all the way to root?