As per previous discussions, I've been looking for a solution to abolishing anonymous FTP while allowing users who authenticate against a nested user folder to be able to execute the CWD / command, which our FTP client (Dreamweaver) expects to be allowed to do (and rightly so). I've found a solution to this problem that I would like to request comment on: FTPServer.py 228 elif status==401: 229 if path =='/': 230 self.respond('250 CWD command successful.') 231 else: 232 self.respond('530 Unauthorized.') This causes the server to return a success command when the CWD / command is executed, but the underlying mechanics (which I do not fully comprehend) actually prevent the command from doing anything unless you have proper privileges at the root. Indeed 'CWD /' now, for users that do not have access to /, leaves you in the same directory. Aside from the obvious - changing a FTP command to do something other than what has been asked for - can anyone see anything wrong with this? And, does line 229 need to be 229 if self.path == '/' or path == '/' ? I'm not so sure about what self.path is compared to path. Thanks Edward (For those not keeping track, a previous hack that roots all unqualified logins in a specific acl_user folder combined with this completely disables anonymous FTP while not preventing proper FTP client functionality)