By Paul Murphy, author of The Unix Guide to Defenestration
Restricted purpose shells like rsh and rksh are neat tools for giving someone just enough control to get their job done, and nothing more.
Carry shell restriction to its extreme and you get a one liner:
int main(int argc, char *argv)
return execl( "/full/path/to/application_startup/script/", (char*) 0 );
that you can add to
and attach to the user in
With this pseudo shell the user can only run the one application you've compiled in -- and any serious attempts to break out will result in a logout.