Mohammedz.com

For Linux and Shell scripting.


VSFTP chroot or jail users – How to Limit Users to Only Their Home Directory?

Normal users can browse to the /etc directory (and maybe to all other directories), and if a sensitive file is readable by them, they can download it via FTP.

If you do not want FTP users to be able to access any files outside of their own home directory, set up a chroot jail.

Open the vsftpd configuration file, /etc/vsftpd/vsftpd.conf, with the command:

# vi /etc/vsftpd/vsftpd.conf

Make sure the following line exists (and is uncommented):

chroot_local_user=YES

Save and close the file. Restart vsftpd:

# /etc/init.d/vsftpd restart

Now all users of VSFTPD/FTP will be limited to accessing only files in their own home directory. They will not be able to see /, /etc, /root, /tmp or any other directory. This is an essential security feature.
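
To confirm the setting really is in effect after editing, the following check can be run against the configuration file. It is an added example, not part of the original post; the function names (vsftpd_opt, is_yes, check_vsftpd_chroot) are hypothetical and the sample config is constructed. It goes slightly beyond the single line above by also flagging chroot_list_enable, which, when chroot_local_user=YES, turns the chroot list into a list of users who are not jailed.

```shell
#!/bin/sh
# Added example: audit a vsftpd config for the chroot jail setting.

# Print the effective value of an option: commented lines are ignored and
# the last occurrence wins, since vsftpd applies settings in file order.
vsftpd_opt() {
    # $1 = config file, $2 = option name
    awk -F= -v key="$2" '
        /^[[:space:]]*#/ { next }          # skip commented-out lines
        $1 == key { val = toupper($2) }    # exact name, no spaces around "="
        END { print val }
    ' "$1"
}

# vsftpd accepts YES, TRUE or 1 (case-insensitive) for boolean options.
is_yes() {
    case "$1" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac
}

# Returns 0 = all local users jailed, 1 = jail not enabled,
# 2 = jail enabled but chroot_list_enable exempts listed users.
check_vsftpd_chroot() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    if ! is_yes "$(vsftpd_opt "$conf" chroot_local_user)"; then
        echo "FAIL: chroot_local_user is not enabled in $conf"
        return 1
    fi
    if is_yes "$(vsftpd_opt "$conf" chroot_list_enable)"; then
        echo "WARN: chroot_list_enable=YES, users in chroot_list_file are NOT jailed"
        return 2
    fi
    echo "OK: all local users are chrooted to their home directory"
    return 0
}

# Constructed sample config (not from a real server): the line is present
# but still commented out, so the jail is silently off.
sample=$(mktemp)
printf '%s\n' 'local_enable=YES' '#chroot_local_user=YES' > "$sample"
check_vsftpd_chroot "$sample" || true
rm -f "$sample"
```

On a real server, call it as check_vsftpd_chroot /etc/vsftpd/vsftpd.conf after restarting vsftpd.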