
Answer by Kamil Maciorowski for How to create SFTP user with specified directory permissions

the user doesn't see his own home folder (/home/example.com)

Yes and no. The directive ChrootDirectory %h makes the real /home/example.com appear as / to the user. The user sees this /, so he kinda sees what the OS considers his home directory; he doesn't see it as /home/example.com though. The user cannot write to the directory because of the ownership and permissions you set up. These are nevertheless right:

ChrootDirectory

Specifies the pathname of a directory to chroot(2) to after authentication. At session startup sshd(8) checks that all components of the pathname are root-owned directories which are not writable by any other user or group.

(source: man 5 sshd_config)

But then:

After the chroot, sshd(8) changes the working directory to the user's home directory.

(ibid.)

In your case the server tries to change the working directory to /home/example.com after the chroot, i.e. when / already corresponds to the real /home/example.com. Outside of the chroot this would be /home/example.com/home/example.com.

The easiest fix now is to create this exact directory with ownership and permissions the user expects. Do the following on the server:

# as root
mkdir -p /home/example.com/home/example.com
chown sftp_user: /home/example.com/home/example.com

From now on the user will see /home/example.com and be able to use it, but on the server this will be /home/example.com/home/example.com.

This may seem over-complicated, but in general it makes sense. In general you don't have to use sole %h as ChrootDirectory. If you don't restrict the user to sftp, you need to put a few things (a shell, basic /dev nodes) in what the user sees as their /; and/or you may want a few users to share a common chroot. In this scenario ChrootDirectory /chroot_jail makes more sense than ChrootDirectory %h. Then you would need /chroot_jail/home/example.com instead of this odd-looking /home/example.com/home/example.com. Our solution uses home/example.com inside /home/example.com/ because you used ChrootDirectory %h.


Yo dawg, I herd you like home/example.com, so I put home/example.com in your /home/example.com/ so you can access your files while you access your files.
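As an added example (not part of Kamil's answer), the following POSIX sh script builds the layout the answer describes and pre-checks the chroot path the way sshd(8) does at session start: every component must be a root-owned directory that is not writable by group or other. It also works for the shared-jail variant (ChrootDirectory /chroot_jail), since the user's home inside the jail is always CHROOT plus the real home path. The user name sftp_user, the `apply` argument, and the ForceCommand/internal-sftp lines in the Match block are assumptions beyond what the answer states; the answer itself only discusses ChrootDirectory.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Assumed names: user "sftp_user" with home /home/example.com.

# _check_component DIR OWNER_UID
# One component of the chroot path: must be a directory, owned by OWNER_UID,
# and have no group/other write bit (the same conditions sshd_config(5) lists
# for ChrootDirectory). Uses `ls -ldn` (POSIX, numeric ids) for portability.
_check_component() {
    d=$1
    uid_wanted=$2
    if [ ! -d "$d" ]; then
        echo "$d: not a directory" >&2; return 1
    fi
    set -- $(ls -ldn "$d")      # "<mode> <links> <uid> <gid> ..."
    mode=$1; owner=$3
    if [ "$owner" != "$uid_wanted" ]; then
        echo "$d: owned by uid $owner, expected $uid_wanted" >&2; return 1
    fi
    case $mode in
        ?????w*|????????w*)      # group write (pos 6) or other write (pos 9)
            echo "$d: writable by group or other ($mode)" >&2; return 1 ;;
    esac
    return 0
}

# check_chroot_path PATH [OWNER_UID] [START]
# Walks every directory from START (default "/", which is where sshd starts)
# down to PATH and applies _check_component to each. OWNER_UID defaults to 0.
# START only exists so the check can be exercised on a subtree; for a real
# ChrootDirectory always check from "/".
check_chroot_path() {
    target=$1
    want_uid=${2:-0}
    base=${3:-/}
    base=${base%/}                 # "" when START is "/"
    case $target in
        "$base"|"$base"/*) ;;
        *) echo "$target is not under ${base:-/}" >&2; return 1 ;;
    esac
    cur=${base:-/}
    _check_component "$cur" "$want_uid" || return 1
    remainder=${target#"$base"}
    old_ifs=$IFS; IFS=/
    set -- $remainder
    IFS=$old_ifs
    for comp in "$@"; do
        [ -n "$comp" ] || continue
        cur=${cur%/}/$comp
        _check_component "$cur" "$want_uid" || return 1
    done
    return 0
}

# make_sftp_layout USER HOME CHROOT   (must run as root)
# The layout from the answer: CHROOT is root-owned and 755; the user's home as
# seen from inside the jail is CHROOT + HOME and belongs to USER. With
# ChrootDirectory %h, HOME and CHROOT are the same path, giving
# /home/example.com/home/example.com; with ChrootDirectory /chroot_jail it
# gives /chroot_jail/home/example.com.
make_sftp_layout() {
    user=$1; home=$2; chroot_dir=$3
    mkdir -p "$chroot_dir"
    chown 0:0 "$chroot_dir"
    chmod 755 "$chroot_dir"
    mkdir -p "$chroot_dir$home"
    chown "$user": "$chroot_dir$home"
    chmod 755 "$chroot_dir$home"
}

# sftp_match_block USER
# sshd_config fragment for a chrooted, sftp-only user. ForceCommand
# internal-sftp is the usual way to keep such a user out of a shell (assumed
# here; the answer only covers ChrootDirectory).
sftp_match_block() {
    cat <<EOF
Match User $1
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Run "sh this.sh apply" as root to build the layout, verify it and print the
# Match block to append to sshd_config.
if [ "${1:-}" = "apply" ]; then
    make_sftp_layout sftp_user /home/example.com /home/example.com
    check_chroot_path /home/example.com 0 /
    sftp_match_block sftp_user
fi
```

Note that the check refuses anything under /tmp or /var/tmp, which are world-writable: that is the same reason sshd logs "bad ownership or modes for chroot directory" and closes the session for such a ChrootDirectory, so run the check before restarting sshd rather than after.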

