I too would like to know chroot will not work.

I guess I should clarify some things...
when I said chroot wasn't an acceptable solution - I only meant by itself.

I do, in fact, use chroot; which limits the user ONLY to sftp.
In fact, my chroot jail, is about as lean as you can possibly have one. - the whole jail (excluding the home directory) contains only 20 files in total (~ 4M in size) - in only 3 directory's: /dev; /lib; and /usr (and /dev only contains null)

I guess in the ideal - if I could have a user chroot'd to their home directory (without the need for them to see those 3 directories), and if sftp existed in some "rsftp" version, where I could eliminate the 'cd' command (or restrict) it, and if I could have all of this in a form that's easy enough to delagate user maintenance, I would be perfectly happy.

It doesn't seem to me that, that's asking for alot...
I suppose the easy/delagate part may simply be me writing a bash script - I'm ok w/ that. But the rest seems to be very difficult to attain - which surprises me.

Isn't sftp basically just a wrapper for ssh? Then perhaps you could assign the users a custom shell which lacks or restricts the commands you find problematic.

an interesting question...

I'm not sure that sftp is a wrapper, but I'm guessing it is not...

I make this statement based on the fact that my own chroot jail does not include ssh in it. The only "executable" in my jail is "sftp-server" (which is located under /usr/lib)

So I've always seen sftp as a separate app; I'm not sure if it does work thru ssh (even in a chroot jail)?

Anyone know if the command set can be limited somehow - either thru sftp itself or ssh (if that's the "mother app") ?