Minimal Shells

By Paul Murphy, author of The Unix Guide to Defenestration

Restricted purpose shells like rsh and rksh are neat tools for giving someone just enough control to get their job done, and nothing more.

Carry shell restriction to its extreme and you get a one liner:

int main(int argc, char *argv[])
{
return execl( "/full/path/to/application_startup/script/", (char*) 0 );
};

that you can add to /etc/shells and attach to the user in /etc/passwd.

With this pseudo shell the user can only run the one application you've compiled in -- and any serious attempts to break out will result in a logout.