Jailkit is a set of utilities to limit user accounts to specific files using chroot()
Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories. The chroot(2) system call is used by jailkit to put the user inside the jail..
If you want the user to be able to do just one thing, you can set up the jail so that the user is able to do exactly and only that one thing. For example, if you want the user to be able to run scp, you install a copy of scp in the jail along with just enough support to execute it (e.g., using a limited shell). As you can understand, the fewer executables you have in a jail (and the more their capabilities are limited such as using strict configurations), the more work a hacker needs to break out of it. It is important to note that a chroot jail can be easily escaped if the user is able to elevate to the root level, so it's very important to prevent the user from doing so..
In this summary, the top-level directory of the jail is referred to as JAIL. You can configure the JAIL to be any suitable directory (e.g., your JAIL may be /usr/local/chrootjail or /home/chroot). The JAIL directory should obviously be chosen so as not collide or interfere with other standard directories (e.g., it's probably a bad idea to use /home/chroot as the JAIL and also create a user named 'chroot'). A reference to JAIL/etc means "the etc/ subdirectory in your top-level jail directory". From the jailed user's point of view, the top-level jail directory is "/"..
Further information on: http://olivier.sessink.nl/jailkit/