I'm not sure how the OpenSSH implementation handles ACLs, maybe that'san option but I did not test it.
Then there is Proftpd which has a mod_sftp extension.
And there are still the solutions which predate the chroot() and sftp-internal
implementation possible with OpenSSH like
- scponly
- rssh
- rush
All of them have a somewhat mixed security record and have some cost in
terms of chroot setup and mainting them properly.