chrooting sftp is a feature provided by the OpenSSH package in Linux. You can set up a chroot environment to avoid unwanted alterations of the system including uploads in unwanted locations when users are making use of sftp. When you chroot sftp for a specific user or all the users, the users can only access their home directories and subdirectories under it.
Method 1 (by openssh natively)
Starting from openssh-5.x version, sftp could chroot to specific directory. The following steps could implement the native openssh chroot for sftp.
1. Create the jail directory.
# mkdir /chroot/home
2. Mount it to /home as follows:
# mount -o bind /home /chroot/home
3. Edit /etc/ssh/sshd_config as follows:
# vi /etc/ssh/sshd_config ChrootDirectory /chroot Subsystem sftp internal-sftp
4. restart the sshd service:
# service sshd restart
Method 2 (by using pam_chroot)
1. Add chroot into /etc/pam.d/sshd file:
# vi /etc/pam.d/sshd session required pam_chroot.so
2. Modify /etc/security/chroot.conf to include the chroot directory.
# vi /etc/security/chroot.conf user /chroot_dir
3. Modify /etc/ssh/ssh_config
# vi /etc/ssh/ssh_config Subsystem sftp /usr/libexec/openssh/sftp-server
4. Restart sshd to apply new configuration:
# service sshd restart