create user that is restricted to sftp only, is jailed (chroot) and can still access certain directories outside his jail.

create-jailed-sftp-user

#!/bin/sh

# add group
groupadd sftp-fileshare

# add user
mkdir /home/sftp-fileshare-user1
chown root:root /home/sftp-fileshare-user1
chmod 0755 /home/sftp-fileshare-user1
useradd --home /home/sftp-fileshare-user1 --shell /bin/false sftp-fileshare-user1
usermod sftp-fileshare-user1 -g sftp-fileshare
passwd sftp-fileshare-user1

# mount a directory outside jail
sudo mount --bind /var/www/somedir /home/sftp-fileshare-user1/somedir/
# mount needs to be added to fstab, so its created again after restart
chown -R sftp-fileshare-user1:sftp-fileshare /home/sftp-fileshare-user1/somedir/

# clear profiles etc, no need for them
cd /home/sftp-fileshare-user1
rm .*

fstab

...
/var/www/somedir /home/sftp-fileshare-user1/somedir/ none bind 0 0
...

sshd_config

...

AllowUsers ... sftp-fileshare-user1

Subsystem sftp internal-sftp
Match Group sftp-fileshare
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

...