Hi all

I want to lock down a user to their home directory and offer them no commands to run a part from whats in $HOME/bin (one command)
So I don't need cd, ls etc for the users - only the one command local to them.

I think I need to remove /etc/profile, /etc/bashrc and just have the path set to $HOME/bin in .bash_profile. Would this let them see nothing?
I tried to change /home to no rwx but then ssh can't change to the users home directory because it doesn't have permission.

I may be going about this the long, wrong way - anyone offer any advice?

So in summary - user logs in via SSH, can't leave own directory, has no commands to run apart from whats in $HOME/bin.

Thanks in advance

If the scope is strictly users logging in tru ssh, then there's chrootssh.sourceforge.net (BTW, if anyone ever needs to allow users access to only scp/sftp there's also shells that only allow that: Google for Rssh or Scponly). Since Chrootssh uses the default chroot syscall, please consider hardening it using the GRSecurity kernel patch (and get much more hardening options in return than only making chroot "better").