So, from what I can tell, this is a way to do this using SSH. And it's actually pretty simple, and seems to work just fine. I am not a security expert, so take it for what it's worth.
OpenSSH apparently has this ability built in; few people just seem to use it (admittedly, setting up FTP servers probably isn't that bad). Here's what you have to do (or at least what I did to make it work).
1. Decide where you want to put the user's directory. I didn't want him in my home directory but on a 2nd HDD that has more room. You could make this work using the /home directory as well though.
2. Set up that directory. The entire path MUST be owned by root.
sudo mkdir /media/Data/sftp_users
3. Then make sure that directory is all root
sudo chown root:root /media
sudo chown root:root /media/Data
sudo chown root:root /media/Data/sftp_users
4. Then make the user account (i.e. if the username was to be john)
sudo adduser --home /media/Data/sftp_users/john john
This will create the user name, directory and group called john
5. Create a group that you want to put the new user in. Something like sftponly
sudo groupadd sftponly
6. Make sure the user is added to the group. Also change ownership of their directory to root
sudo usermod -a -G john john
sudo usermod -a -G sftponly john
sudo chown root:root /media/Data/sftp_users/john
7. Now the user is set up, so we set up OpenSSH. First step is to set up the internal sftp server. Open up your sshd_config file and change the Subsystem line to this (I commented it out and added a new one)
sudo nano /etc/ssh/sshd_config
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
8. Now set up the chroot environment - add these lines at the BOTTOM of your sshd_config (you should still be in it, or sudo nano /etc/ssh/sshd_config)
Match Group sftponly
Match the "sftponly" here to whatever your group is.
The %u will allow any user set up appropriately to use this. You could just put in the specific username if you only had one (that's probably what I'll end up doing)
Also I took out the "PasswordAuthentication yes" line, because I'll be using SSH keys to authenticate, but you could do that.
9. Save and restart the ssh server (sudo restart ssh)
10. Done. You should be able to log in to your SSH server now using something like "sftp john@localhost" or whatever you normally would use.
11. You probably need to create a "working" directory. The user directory has to be owned by root for the chroot and sftp stuff to work. But, because of that, the user can't do anything within that folder. So I created a sub-directory with user ownership (I created a "john" subdirectory) that the user owns. Then they can create files within that.
NOTE: I just barely got this working, I don't know how well it works, or how secure it is.
All I know is I can't change directories out of that home directory. If I find that there are problems I'll post what I find out.
Also, there are much quicker commands to do much of this, but I wanted to try and be clear on what I did (mainly for my own future reference), but it may be useful to others also.
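
Steps 2, 3 and 6 depend on a rule sshd enforces at login: every component of the chroot path must be a root-owned directory that is not writable by group or others, otherwise the session is refused. The script below is an added example, not part of the original post, that checks that rule for a path such as /media/Data/sftp_users/john. The function names check_dir and check_chroot_path and the optional OWNER_UID and TOP arguments are assumptions made for this sketch, and rejecting symlinks outright is stricter than sshd itself.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.

# check_dir DIR OWNER_UID
# Succeeds only if DIR is a plain directory owned by OWNER_UID and not
# writable by group or others; otherwise prints the reason and returns 1.
check_dir() {
    dir=$1; want_uid=$2
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a plain directory"; return 1
    fi
    # "ls -ldn" prints e.g. "drwxr-xr-x 3 0 0 4096 ..." (numeric owner in field 3)
    info=$(ls -ldn "$dir" | awk '{print $1 " " $3}')
    perms=${info% *}; uid=${info#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    case $perms in
        ?????w*|????????w*)   # 6th char = group write, 9th char = other write
            echo "FAIL $dir: group- or world-writable ($perms)"; return 1 ;;
    esac
    echo "ok   $dir ($perms, uid $uid)"
}

# check_chroot_path DIR [OWNER_UID] [TOP]
# Checks DIR and each parent up to TOP, reporting every failing component.
# OWNER_UID defaults to 0 (root) and TOP to "/", which is what sshd checks;
# the overrides exist only so the check can be tried on a scratch tree.
check_chroot_path() {
    path=$1; owner=${2:-0}; top=${3:-/}
    rc=0
    while :; do
        check_dir "$path" "$owner" || rc=1
        [ "$path" = "$top" ] || [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage on the layout from the post:
#   check_chroot_path /media/Data/sftp_users/john
```

The user-owned working sub-directory from step 11 sits inside the chroot and is not part of this check.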