openssh v5.0p1 chroot/sftp mac os x 10.4 errors



I've been attempting to set up a chroot jail for a group of sftp users on a Mac OS X 10.4.11 server. Unfortunately when any of the users login, they get kicked out with the following error in my /var/log/ secure.log:

"fatal: bad ownership or modes for chroot directory component "/""

Here are my configuration settings:

/etc/sshd_config
# override default of no subsystems
Subsystem sftp internal-sftp

Match Group webgroup
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

(note: I've also tried: ChrootDirectory /webhome/web)

Users are from an OpenDirectory Master. Shells are currently set to / bin/bash (no /bin/false as some write-ups suggest to use) and their home directories are set to /webhome/web.

Permissions and ownership on the chroot home (/webhome/web/) are:

$ ls -alG /webhome/
total 0
drwxr-xr-x + 3 root wheel 102 Jul 10 11:10 .
drwxrwxr-t + 33 root admin 1224 Jul 10 11:10 ..
drwxr-xr-x 6 root wheel 204 Jul 7 11:32 web

Within web, users have access to write to different directories:

$ ls -alG /webhome/web/
total 8
drwxr-xr-x + 6 root wheel 204 Jul 7 11:32 .
drwxr-xr-x + 3 root wheel 102 Jul 10 11:10 ..
-rw-r--r-- 1 root admin 7 Jul 2 15:48 index.html
drwxrwxr-x 3 user1 web1grp 102 Jul 7 12:07 site1
drwxrwxr-x 3 user2 web2grp 102 Jul 7 12:18 site2
drwxrwxr-x 2 user3 web3grp 68 Jul 7 11:32 site3

(note: web1grp, web2grp, web3grp are nested into webgroup)
(note: acls are used on the site directories to deny read access to specific groups)

Users not in the webgroup are able to login to the server with no problems.

From the documentation I've read, the permissions on /webhome and / webhome/web should be okay. I don't suspect the acl's as they are only set on the sub directories within web and not web itself. Also the documentation I've read states to chown the chroot home to root:root which is root:wheel (0:0) in Mac OS X.

Many thanks in advance...

Regards,

Luke