sftp chroots are fairly simple, as there isn't any need to 'jail' all the environment needed for an interactive shell; you just need to decide on a user and/or group.
Originally Posted by csiis
OpenSSH 4.9 and up supports chrooting sftp with no additional utilities.
Edit /etc/sshd_config and make sure 'Subsystem sftp' is defined. Then add something like the following.
Match User sftpuser # this could match on group, it's up to you.
Create a group and account for 'sftpuser' with '/bin/false' as the shell ..
% sudo groupadd sftponly
% sudo useradd sftpuser -g sftponly -d /home/sftpuser -s /bin/false
% sudo passwd sftpuser
Create the ChrootDirectory /home/sftpuser and change ownership to root:root ..
% mkdir /home/sftpuser && chown root:root /home/sftpuser
The directory above (/home) should also be root:root but as this is the default there is no need to go into that unless you've changed it for some reason.
Restart sshd and test the login 'sftp firstname.lastname@example.org', and test it's jailed .. then test 'ssh'; you should be logged out after it accepts the passphrase (if you have '/bin/nologin' set as 'shell' they will get a notice .. /bin/false will just fail and log out).
The sftpuser will be able to upload files in /home/sftpuser, if you wanted you could create a loop image with a filesystem and the file(s) and then mount it read-only as /home/sftpuser, or you could have the files on some other place on the filesystem and 'mount -r --bind /path/to/dir /home/sftpuser'.
I'm kinda working from memory here, but the above should work as expected, let me know if not.
HTH ... khay
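
Added example, not part of the original post: sshd refuses a chroot login unless the ChrootDirectory and every directory above it are owned by root and not writable by group or others, which is why the post sets /home/sftpuser (and /home) to root:root. The script below checks that whole chain; the function names and the optional UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): verify the ownership/mode rules
# sshd enforces on a ChrootDirectory and every parent directory up to /.

# check_component DIR [UID]: pass only if DIR is a real directory owned by UID
# (default 0 = root) with no group or other write bit.
check_component() {
    dir=$1
    want_uid=${2:-0}
    # ls -ldn prints "mode links uid gid ..."; -n keeps the owner numeric.
    read -r mode links uid rest <<EOF
$(ls -ldn "$dir" 2>/dev/null)
EOF
    case $mode in
        d*) ;;
        *) echo "FAIL $dir: not a directory"; return 1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    # Mode string layout: d rwx rwx rwx; index 5 = group w, index 8 = other w.
    case $mode in
        ?????w*|????????w*) echo "FAIL $dir: group/other writable ($mode)"; return 1 ;;
    esac
    echo "ok   $dir ($mode uid=$uid)"
}

# check_chroot_path DIR [UID]: apply check_component to DIR and each ancestor.
check_chroot_path() {
    p=$1
    want=${2:-0}
    rc=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: path must be absolute"; return 2 ;;
    esac
    while :; do
        check_component "$p" "$want" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/sftpuser
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

Any FAIL line marks a directory that needs its owner or mode corrected before sshd will accept the chroot.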