On a Debian Wheezy machine, I've installed Pure-FTPD. As I wanted the users to be chrooted into their home directories, I took a look at the virtualchroot functionality.

After a bit of configuration, I am now at the point where I think the PureFTPD start works as expected (Output of service pure-ftpd restart):

Restarting ftp server: Running: /usr/sbin/pure-ftpd-virtualchroot -l pam -8 UTF-8 -u 1000 -E -A -O clf:/var/log/pure-ftpd/transfer.log -B

I can see the -A parameter that results from the file /etc/pure-ftpd/conf/ChrootEveryone with the contents 1.

But strangely, no user is actually chrooted. It's as if the -A option is silently ignored. Users can still traverse the directory tree upwards.

The daemon is started standalone, as witnessed by /etc/defaults/pure-ftpd-common having

STANDALONE_OR_INETD=standalone
VIRTUALCHROOT=true

, and by the fact that I just stopped the inetd superserver and restarted pure-ftpd, and a connection still works.

I've found this thread, and it's definitely not started by any superserver.

Edit 1: I've tried to find a workaround and found the option TrustedGID. So I used group-ID 0 as the trusted group, implying that all other groups should be chrooted. However, that doesn't happen either, making it less likely that this is a bug of some kind.

Dabu

0 Answers