Try something like this- Lock the users, but not in their home directories. Create the lock in a location like /var/ftp/pub/higher/lower. Give those with access to the lower group whatever permissions they need for the lowest directory - read, write maybe. They shouldn't need execute most likely. Make the people with access only to the lowest level have username=low group=low. Set the permissions for the low directrory to be 666, everyone has read and write access. Also, make the owner of that low directory low:low. Then do something similiar for the higher directory. Make them user=high group=high, set the permissions to 660, and the owner of the higher directory to high:high. That will block the people in low from even seeing it, but allows the people in high to see both low and high. How specifically to accomplish the lock depends on which FTP server you are doing. VSFTP is the best, no question about that. It rocks the house.