make sftp-server setuid root and let it do the chroot itself, depending on a config file, like /etc/sftp-chrootusers but you have to be careful. chroot $HOME is probably not really save if .ssh is writeable to the user. and so on. -m