After googling for some time, this is simplest solution that I found for creating a user that is limited to the home directory and has only ftp access on Ubuntu. Do as root:
Update: the previous solution involved using vsftpd.chroot_list and a non-executable shell (such as /bin/false). This is problematic as it still allows e.g. ssh tunnels (as described here). The current solution is based on this article and this askbubuntu entry.
The first-time setup looks like this:
addgroup limitedftpusers vim /etc/ssh/sshd_config
In sshd_config make sure that the sftp subsystem is configured like this
Subsystem sftp internal-sftp
and add this snippet to the end of the file
Match Group limitedftpusers ChrootDirectory %h AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp
and use the following to update the ssh service with the new config.
service ssh restart
(End of first-time setup)
After this initial setup, here’s how you can add a user to this now ftp-only group.
useradd -d /home/joe -M -N -g limitedftpusers joe passwd joe mkdir /home/joe chown root:root /home/joe chmod 755 /home/joe mkdir /home/joe/upload chown joe:limitedftpusers /home/joe/upload
The last two lines are needed to have a write-enabled directory for the user (see the askubuntu entry for more details)