If anybody needs to lock (chroot) an SFTP user to his own folder I did it like this (might be improved)
After having enabled ShellOverrideStatus (while i’m unsure that’s needed actually) :
Create chrooted
group and assign it to an user.
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config/
nano /etc/e-smith/templates-custom/etc/ssh/sshd_config/69chrootedSFTP
add the following contents :
match Group chrooted@yourdomain.tld
ChrootDirectory /var/lib/nethserver/home/
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
And finally
signal-event nethserver-openssh-save
The users in chrooted group will only be able to access their own home folder.
(further security tests should be done : that’s a quick and maybe dirty solution)