Implementing 'ftpchroot' is quite simple, but it does require a bit of editing work as root. If you'd like to restrict your FTP users to their own directory, read the rest of this tip.
This only works for users who exist as users on your system. You may want to create a generic 'ftpuser' for such purposes. For this example, we'll assume you have two users, 'tom' and 'ftpuser', and you'd like to restrict both of them to their home directories.
- Open a terminal and type cd /etc to change into the 'etc' directory.
- We'll use pico as the text editor, since this is a very simple file. Type sudo pico ftpchroot and enter your normal admin user's password when prompted.
- When the file opens, simply type each user's short name on a line of its own:
ftpuser
tom - Save the file by typing Control-X.
To implement the file, you will probably have to restart your network -- you could try disabling and re-enabling FTP from the Sharing prefs panel, but a full restart will definitely do the trick! If you ever need to add more users, just follow these directions and add additional rows for each new user you wish to restrict.
To test the restrictions, find another machine, make sure your OS X box has FTP enabled, and connect via FTP as one of the restricted users. You should NOT be able to navigate up from your starting location. If you can, then something's not working correctly. I have tested this tip myself, and it works exactly as described here - thanks, Apple, for getting rid of this relatively large security hole! Note that FTP still transmits passwords in cleartext, which is why setting up an "ftpuser" may be a good idea.

