Create separate partitions for Apache and FTP server roots.
Edit /etc/fstab file and make sure you add the following configuration options:
noexec – Do not set execution of any binaries on this partition (prevents execution of binaries but allows scripts).
nodev – Do not allow character or special devices on this partition (prevents use of device files such as zero, sda etc).
nosuid – Do not set SUID/SGID access on this partition (prevent the setuid bit).
Sample /etc/fstab entry to to limit user access on /dev/sda5 (ftp server root directory):
/dev/sda5 /ftpdata ext3 defaults,nosuid,nodev,noexec 1 2
