FTP wide open - How do I lock a user to home?

Post Production

I needed 200MB of audio files and they were on the other side of town. I opened system preferences and turned on ftp services. Then also in system preferences, I created a new user account. The person on the other side of town sending me these files was a friend, but I did not want him logging into my mac as me. I made the router was letting port 21 through to my computer, then i tested it out with transmit.

I logged into my computer with the WAN IP using the new user account. All was well, a familiar home directory popped up. But to my dismay, this user was not locked to his user directory. In fact, I could change to the root directory and upon entering the volumes directory therein, I had full unfettered acces to the contents of my external hardrives.

Now since this was a friend and only 200MB, I unmounted the drives and let my friend have the login info. My files arrived and I turned FTP of again.

If this has been a client, or I was needed to leave the server running for an extended period of time, I would not feel comfortable being as exposed as I was.

Does anybody know why? Or even how to fix this issue? I simply want to lock an ftp user to their home directory using the built in apple ftp server.