Hello, I am hoping someone maybe able to help me.
I have set up an Apache web server on my sun server with user accounts in the main htdocs directory. My question is how to stop these users searching up the directory tree when they ftp/telnet to the server. Also is it possible to restrict the commands they have access to? For example only let them have ls, cd, mkdir, rm.
I am using a sun sparc with solaris 8 installed, Apache 2.2.6.
Thank you for any help given.

If you give user's read/write access to subdirs of htdocs, you had better trust them. Otherwise you are allowing them to run arbitrary code as the apache user (this might be ok of course if you have set up apache so that the user running it has the minimum access).
Generally speaking, it's a better idea to allocate a seperate area for user's home dirs.

If you really have to do it this way though, you only need to grant execute access to the parent directories of htdocs. Leave off the read-access bit and they will only be able to change into the dirs, not read the contents.
eg

/ root root drwxr-xr-x

/export root root drwx--x--x

/export/htdocs root root drwx--x--x

/export/htdocs/user1 user1 httpusers drwxr-xr-x
/export/htdocs/user2 user2 httpusers drwxr-xr-x

Do you really need to allow them telnet ( or more generally shell ) access. If not, then disbale shell access for the users, switch to wu-ftp or vsftp, turn on the home directory jail function of the ftp daemon and that should be it.

There are other concerns that you should consider as the previous post indicated. I would never consider giving users access to a folder under the web root, apache has other functionality which you can use to achieve the same thing.