all sftp users to their home directory
on your SFTP server type
group add sftpusers
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
You want to put only certain users (i.e users who belongs to sftpusers group) in the chroot jail environment. Add the following lines at the end of /etc/ssh/sshd_config
Match Group sftpusers
Match Group sftpusers – This indicates that the following lines will be matched only for users who belong to group sftpusers
ChrootDirectory /sftp/%h – This is the path that will be used for chroot after the user is authenticated. %h indicates the users home directory. So, for john, this will be /home/john.
ForceCommand internal-sftp – This forces the execution of the internal-sftp and ignores any command that are mentioned in the ~/.ssh/rc file.
next either add new users to your system or you can add existing users to the system
user add john mary clive
Add all sftp users to the sftp group by editing your
Make sure users cannot login using ssh, do this by editing /etc/passwd
and changing /bin/bash to /bin/nologin of each SFTP user
chmod -R 755 /home/john
then you must set the following ownership to the users home directory
chown -R root:sftpusers /home/john
you can now sftp into your server and the sftp users will be restricted to their /home folder only.