In the thread linked by DutchTSE, DA Staff says versions.txt to be downgraded to 1.3.2, but when I download the newest versions.txt it contains 1.3.3a so I take it this has been resolved?
What version are you running @PRB?
A recent update for proftpd has been released which will resolve an important security issue. It's highly recommended that all admins update their systems to proftpd version 1.3.3c.
Some reading indicated to me that the issue was introduced in 1.3.2rc3 (not confirmed), so previous versions might not be affected, but upgrading anyway is still highly recommended.
Can you document that users logging in under their own username have complete root access to read and write anywhere on the system
Either way please tell us exactly which kind of ftp account his this problem:
Accounts created when creating a user account under DirectAdmin?
Accounts created from the root shell using adduser?
Virtual FTP accounts created for a given user/domain under DirectAdmin?
http://directadmin.com/forum/showpost.php?p=182059&postcount=4
I havent personally tried it yet...but I am thinking about it.
Yes, they have complete root access. They see the root of the server and can see all the files in for example the /etc directory. They also see the list of usernames in /home but cannot see the files of the specific users (thank god!). They however cant edit any file other than the files of their own account.