Locking down vsftp is pretty easy, but giving access to symlinks is another issue entirely.
To lock down vsftp, use the method as per the link above (chroot_local_user=YES) or one may also use the feature in vsFTP that allows a list of users who should / shouldn’t be chrooted;
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
Then give a restart with /etc/init.d/vsftpd restart
But there’s a problem if the user needs to access a folder outside the chroot that’s symlinked into his folder. With vsFTP, the folder can’t be seen! Luckily, Radu has the solution for us to resolve the symlink problem.
We create a new folder, then use mount to make an existing otherwise-inaccessible folder available via chrooted vsftp:
mkdir /home/me/webfolder
mount --bind /var/www/webfolder /home/me/webfolder
that’s it, given that the permissions are OK, now the user can do what they need to!