Linux restrict user to specific folder in var/www

My apache root /var/www/html/ contains the following folders.

1. myapp
2. test
3. testapp

I want to create a new user to access only testapp folder (read/write). Other folders shouldn't be read.

I created a new user for for the group www-data (as www-data is the owner of the /var/www/html/) and I'm able to login via ssh as well. Now the problem is the new user is having access to all the 3 folders above. I need to restrict the user to have access only to testapp folder. (Other folders shouldn't be read by the new user)

Some people suggested to use chroot but it is unclear for me. Is there any way to restrict the www-data user only to a specific folder?