If you want the default directory that users start in to be writable, you must create their home directory under the chroot. Otherwise you can get errors such as:

    Nov ** 12:35:00 sftp-server sshd[10267]: Accepted password for user from localhost port 39150 ssh2
    Nov ** 12:35:00 sftp-server sshd[10269]: fatal: bad ownership or modes for chroot directory "/home/user01"

After sshd has chrooted to the ChrootDirectory, it will chdir to the home directory as normal. So, for a passwd line like:

    user@localhost:~$ cat /etc/passwd | egrep user0
    user01:x:1001:1001:,,,:/home/user01:/bin/bash
    user02:x:1002:1002:,,,:/home/user02:/bin/bash
    user@localhost:~$

insert in /etc/ssh/sshd_config:

    Match User user01
        ChrootDirectory /incoming
        AllowTCPForwarding no
        X11Forwarding no
        ForceCommand internal-sftp

    Match User user02
        ChrootDirectory /incoming
        AllowTCPForwarding no
        X11Forwarding no
        ForceCommand internal-sftp

Create directories:

    root@localhost :/$ mkdir -p /incoming/home/user01
    root@localhost :/$ mkdir -p /incoming/home/user02
    root@localhost :/$ chown user01:user01 /incoming/home/user01
    root@localhost :/$ chown user02:user02 /incoming/home/user02
    root@localhost :/$ chmod 750 /incoming/home/user01
    root@localhost :/$ chmod 750 /incoming/home/user02

Only the last directory (the user's home) is user-owned. Everything else, that is the ChrootDirectory itself and every directory above it, must be root-owned and not writable by group or others.
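
The "bad ownership or modes for chroot directory" error above appears when any component of the ChrootDirectory path is not root-owned or is writable by group or others. The following script is an added example, not part of the original page: it walks a path such as /incoming and reports the component that would trip that check. The function names are hypothetical, and it assumes a stat that supports -L and -c (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example (not from the original page). Assumes a stat that supports
# -L and -c (GNU coreutils or busybox). Function names are hypothetical.

# component_ok UID MODE: succeed only for a root-owned directory entry
# that is not writable by group or others (octal mask 022).
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: test /, then every deeper component up to DIR.
# Returns 0 if all pass, 1 if any fails, 2 if DIR is not absolute.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    rest=${1#/}; cur=/; rc=0
    while :; do
        if [ ! -d "$cur" ]; then
            echo "FAIL $cur: not a directory"; return 1
        fi
        # Owner uid and octal mode, following symlinks
        set -- $(stat -L -c '%u %a' "$cur")
        if component_ok "$1" "$2"; then
            echo "ok   $cur (uid=$1 mode=$2)"
        else
            echo "FAIL $cur (uid=$1 mode=$2)"; rc=1
        fi
        [ -n "$rest" ] || break
        # Peel off the next component; skip empty ones ("//", trailing "/").
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -z "$part" ] || cur=${cur%/}/$part
    done
    return $rc
}

# Example: sh check_chroot.sh /incoming
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

Run it against the ChrootDirectory value (/incoming here), not against the user's home directory below it, which is meant to be user-owned.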
A variant of this that yields less deep directory trees would be to set the passwd file up as:

    user01:x:1001:1001:,,,:/user01:/bin/bash
    user02:x:1002:1002:,,,:/user02:/bin/bash

That is, the home directory /home/user01 becomes /user01.

See also http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/