create a separate account for ftp which only has access to specific directory, and chmod and chown the dir properly, also i suggest you dont make the dir availible thru webserver to public and you limit what file extensions someone can upload in ftp server.