SFTP + ChrootDirectory: Is it possible to prevent a user from exiting a folder?
-1 votes, 1 answer, 105 views
Currently, the user connects via SFTP to the server and is placed in the files folder. Is there a way to prevent them from exiting the files folder?
sshd config for the user sftp:
    Match User sftp
        ForceCommand internal-sftp -d /files/
        PasswordAuthentication no
        PubkeyAuthentication yes
        ChrootDirectory /home/sftp/uploads/
        PermitTunnel no
        AllowAgentForwarding no
        AllowTcpForwarding no
        X11Forwarding no
I know that ForceCommand internal-sftp has additional options — -P to allow, and -p to deny. However, combining them with the result I want has not worked. The closest I’ve gotten is "ForceCommand internal-sftp -d /files/ -P stat", but when I deny stat, the user can no longer download files.
Here is the full list of keys:
open, close, read, write, lstat, fstat, setstat, fsetstat, opendir, readdir, remove, mkdir, rmdir, realpath, rename, readlink, symlink, posix-rename, statvfs, fstatvfs, hardlink, fsync, lsetstat.
Has anyone faced a similar issue before? How did you solve it?
Asked by Alexander
(1 rep)
Feb 3, 2025, 08:07 AM
Last activity: Feb 3, 2025, 09:12 AM
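A small model of the path resolution behind this configuration, added here as an illustration and not part of the original question or of OpenSSH's code. It assumes the ChrootDirectory and `-d` start directory from the Match block above, ignores symlinks, and uses constructed request paths; it shows that `-d` only sets where the session starts, so `..` from /files reaches the chroot root but nothing above /home/sftp/uploads on disk.

```python
import posixpath

# Values taken from the Match block in the question.
CHROOT = "/home/sftp/uploads"   # ChrootDirectory
START_DIR = "/files"            # internal-sftp -d (start directory only)


def resolve_in_chroot(cwd, requested):
    """Model path resolution inside a chroot: '..' at '/' stays at '/'.

    Symlinks are ignored (assumption of this model).
    Returns (path as the client sees it, corresponding path on disk).
    """
    joined = posixpath.join(cwd, requested)  # absolute requests replace cwd
    parts = []
    for part in joined.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if parts:
                parts.pop()      # at the chroot root there is nothing to pop
            continue
        parts.append(part)
    seen = "/" + "/".join(parts)
    on_disk = CHROOT if seen == "/" else CHROOT + seen
    return seen, on_disk


def leaves_start_dir(seen):
    """True if the client-visible path is outside the -d start directory."""
    return not (seen + "/").startswith(START_DIR + "/")


def escapes_chroot(on_disk):
    """True if an on-disk path lies outside the ChrootDirectory."""
    return posixpath.commonpath([CHROOT, on_disk]) != CHROOT


if __name__ == "__main__":
    # Constructed client requests, each issued from the start directory.
    for req in ["report.txt", "..", "../../../etc/passwd", "/etc/passwd"]:
        seen, on_disk = resolve_in_chroot(START_DIR, req)
        print(f"{req!r:24} client sees {seen!r:20} on disk {on_disk!r}; "
              f"left start dir: {leaves_start_dir(seen)}, "
              f"left chroot: {escapes_chroot(on_disk)}")
```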