How to set up chrooted sftp under any Linux distro that ships OpenSSH version 4.8 or higher. Fedora 9 comes with OpenSSH 5, so this is what I will be basing this howto on.

First let's create the directory structure for the users to log into. For example, if you wanted each user to be jailed in their own directory you would create a directory structure just like the default /home/user setup. The main difference is that root must own the directories, and nobody else may have write access to them. For example:

mkdir /jail
mkdir /jail/user
chown -R root:root /jail
chmod -R 755 /jail

Note: since the user will have no write access to the root level of the jail, you will need to create any directories/files inside the jailed home and set their ownership and permissions beforehand.

Create a group for these jailed user accounts:

groupadd jailed

Create all the user accounts that should have sftp-only access. Make sure to set each user's home directory to its jailed home and also turn off shell access:

useradd -G jailed -d /jail/user -s /sbin/nologin user

Edit /etc/ssh/sshd_config and change the following line

Subsystem       sftp /path/to/blah

to

Subsystem       sftp internal-sftp

Add the following lines at the end of the file (everything after a Match line applies only to that match, so it has to come last):

# apply the block below to members of the jailed group
Match Group jailed
# set the chroot directory; %u is replaced by the user name
ChrootDirectory /jail/%u
# make sure the internal sftp server is used, whatever the client asks for
ForceCommand internal-sftp

Save the file and restart sshd:

/sbin/service sshd restart
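The two things that most often break this setup are a jail directory that sshd refuses to chroot into (the login then fails with "bad ownership or modes for chroot directory") and a Match block that is not at the end of the file. The script below is an added example, not part of the original howto: check_chroot_path walks from the ChrootDirectory up to / and reports the first component that is not root-owned or is group/other writable, and sshd_match_block prints the Match fragment from this page. The OWNER_UID and TOP parameters are additions so the check can be exercised on a scratch tree as an unprivileged user; the AllowTcpForwarding and X11Forwarding lines are also an addition, since an sftp-only account has no business forwarding anything. It assumes GNU coreutils stat (-c), as found on Fedora.

```shell
#!/bin/sh
# Added example: sanity checks for a chrooted sftp setup (not from the howto).

# check_chroot_path DIR [OWNER_UID] [TOP]
# sshd requires DIR and every parent up to / to be owned by root and not
# writable by group or others. OWNER_UID defaults to 0 (root) and TOP to /;
# both are assumptions added so the walk can be tested on a temp tree.
check_chroot_path() {
    dir=$1
    owner=${2:-0}
    top=${3:-/}
    while :; do
        uid=$(stat -c %u "$dir") || return 1    # owner uid
        mode=$(stat -c %a "$dir") || return 1   # octal mode, e.g. 755 or 1777
        if [ "$uid" != "$owner" ]; then
            echo "bad owner: $dir is owned by uid $uid, expected $owner" >&2
            return 1
        fi
        # The last two octal digits are the group and other permission bits;
        # a 2, 3, 6 or 7 in either position means the directory is writable.
        grp_oth=${mode#"${mode%??}"}
        case $grp_oth in
            [2367]?|?[2367])
                echo "bad mode: $dir is $mode (group/other writable)" >&2
                return 1 ;;
        esac
        [ "$dir" = "$top" ] && return 0
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}

# sshd_match_block GROUP [CHROOT_DIR]
# Prints the sshd_config fragment for a chrooted sftp group. Because every
# directive after a Match line applies only to that match, this fragment must
# be the last thing in sshd_config.
sshd_match_block() {
    group=$1
    chroot=${2:-/jail/%u}
    cat <<EOF
Match Group $group
    ChrootDirectory $chroot
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Usage on a live system (as root), after the howto's mkdir/chown/chmod steps:
#   check_chroot_path /jail/user && sshd_match_block jailed >> /etc/ssh/sshd_config
```

Run check_chroot_path for each jailed user before restarting sshd; a 775 or 777 anywhere on the path, including a jail placed under a world-writable directory such as /tmp, is exactly what the check catches.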
linux/linux-howto/chrooted-sftp.txt · Last modified: 2008/12/29 09:00 (external edit)