(Problem #1 :) Currently I have the following: <Directory /home> <Limit LIST NLST> DenyAll </Limit> </Directory> <Directory /home/*/> <Limit LIST NLST> AllowAll </Limit> </Directory> What I mean it to do is permit /home to be listed in /, not permit the contents of /home to be listed, permit ppl to cd into the directories of /home and for people to be able to list the contents of the home dirs themselves. This ALMOST works except: 1. When in a home dir, NLST does not work. It's as if the second <Directory> never got read. Am I misusing the wildcard? I can't think of any other way of denying LIST and NLST access to just -ONE- directory level... 2. Doing something like: LIST -d ***** in /home circumvents the limit and permits listing of /home Main reason I have for blocking this is that /home contains 10,000+ dirs and listing this tends to suck CPU LOTS and ofcourse most people happen to use graphical browsers and then they get lost and so on... Problem #1.1: Actually, looking at the top list, LIST -d ***** has caused the server to spin out. It's currently sucking cpu like mad even though I've disconnected and quite the ftp client. This is obviously bad as it could make a system's load skyrocket to the point of unusability and therefore be a nice DoS attack. Problem #2 :) I have 1 user who cannot log in. We are using pam authentication and even if I just put pam_permit for the auth block it still denies him access. I've checked his shell (/bin/sh) and it's in /etc/shells. I can log in as him with telnet using a similar auth sequence as proftpd (pam). Can anyone think of what might be causing this/I might want to look for? I have no limits on logging in in the proftpd.conf. Just <Directory> based limits on reading and writing and listing. I run Proftpd 1.2pre7 in a glibc 2.1.1 system and have compiled it with gcc 2.95.1 on Linux 2.2.12. linux capabilities, pam and readme modules compiled in.