Best practice / correct way to restrict FTP access to a specific folder

Probably a bit of a nooby question, but I didn’t find anything about it.
Let’s say I have a dataset structure like this:

A
  \ B
    \ C

For my local user USER I want to limit access via FTP to the folder C.
I set C as USER’s home folder, but USER can’t connect via FTP (access his home) if USER doesn’t have rights on the parent A dataset.

So, my question is: what’s the best practice for configuring dataset permissions in cases like this?
chown, or maybe ACL, or doesn’t it make sense at all?

At the moment I’ve set an ACL on dataset A, adding USER’s user and group without any permissions.


The clear and unambiguous answer in FreeBSD is to jail the FTP server.

On Linux, the semantics are more complex (versatile, if you’re feeling generous) and the tooling a lot more confusing. I’ll let the Scale users describe exactly the options available, because I’m way too lost in the tooling for my own good.

I believe what you want to do should be possible.

When creating the user, e.g. tuser, select the path to the directory that will hold the home directory. Assuming A is a dataset and B is a directory you might select something like /mnt/tank/A/B. Then select the Create Home Directory checkbox. This will create /mnt/tank/A/B/tuser that is owned by tuser.

On the FTP advanced configuration page (System Settings → Services → FTP → Configure → Advanced Options) select the Allow Local User Login checkbox.
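
An added example (not from the thread or from the NAS software) for the symptom in the question, where USER cannot reach home folder C without rights on parent A: on POSIX systems a process needs search (execute) permission on every directory in the path, and this check reports the first directory that denies it. It reads only the classic owner/group/other mode bits, so ACL entries are not evaluated; the function names and the uid/gid values are made up for the illustration.

```python
import os, stat, tempfile
from pathlib import Path

def can_search(st, uid, gids):
    """Owner/group/other check for the search (x) bit; ACL entries are not evaluated."""
    if uid == 0:
        return True  # root bypasses directory search checks
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked(root, target, uid, gids):
    """Walk root -> target; return the first directory uid cannot traverse, else None."""
    root, target = Path(root).resolve(), Path(target).resolve()
    chain = [root]
    for part in target.relative_to(root).parts:  # ValueError if target is outside root
        chain.append(chain[-1] / part)
    for directory in chain:
        if not can_search(os.stat(directory), uid, gids):
            return directory
    return None

if __name__ == "__main__":
    # Constructed tree A/B/C in a temp dir; the uid/gid are hypothetical stand-ins for USER.
    with tempfile.TemporaryDirectory() as tmp:
        a = Path(tmp) / "A"
        c = a / "B" / "C"
        c.mkdir(parents=True)
        os.chmod(a / "B", 0o711)
        os.chmod(c, 0o755)
        owner = os.stat(a)
        ftp_uid, ftp_gids = owner.st_uid + 1000, {owner.st_gid + 1000}
        for mode in (0o700, 0o711):  # A without, then with, traverse-only for others
            os.chmod(a, mode)
            print(oct(mode), "->", first_blocked(a, c, ftp_uid, ftp_gids))
```

Mode 711 on A in the demo grants traversal without letting the FTP account list A's contents.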