• # Restricted Shell

    Posted by . In reply to the message SSH shell security on Debian. Rated 1.

    One solution is to assign them a restricted shell, for example rbash (in this example, it is the bash shell launched as "rbash" instead of "bash").


    If Bash is started with the name rbash, or the `--restricted' option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. A restricted shell behaves identically to bash with the exception that the following are disallowed:

    * Changing directories with the cd builtin.
    * Setting or unsetting the values of the SHELL, PATH, ENV, or BASH_ENV variables.
    * Specifying command names containing slashes.
    * Specifying a filename containing a slash as an argument to the . builtin command.
    * Specifying a filename containing a slash as an argument to the `-p' option to the hash builtin command.
    * Importing function definitions from the shell environment at startup.
    * Parsing the value of SHELLOPTS from the shell environment at startup.
    * Redirecting output using the `>', `>|', `<>', `>&', `&>', and `>>' redirection operators.
    * Using the exec builtin to replace the shell with another command.
    * Adding or deleting builtin commands with the `-f' and `-d' options to the enable builtin.
    * Specifying the `-p' option to the command builtin.
    * Turning off restricted mode with `set +r' or `set +o restricted'.


    http://www.faqs.org/docs/bashman/bashref_75.html
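
To check that the bash installed on a host really enforces the restrictions quoted in the post above, the following audit script runs each probe once in plain bash and once under `bash --restricted`. It is an added example, not part of the original post; the function names, the marker string and the probe list are made up for this illustration.

```shell
#!/bin/sh
# Added example: check which of the quoted restrictions the local bash enforces.
MARK="NOT_RESTRICTED"   # constructed marker, printed only when a probe succeeds

# run_probe MODE SNIPPET: exit 0 if SNIPPET ran to completion under "bash MODE".
run_probe() {
    out=$(bash $1 -c "$2 && echo $MARK" 2>/dev/null </dev/null)
    case "$out" in *"$MARK"*) return 0 ;; *) return 1 ;; esac
}

# plain_allows: the probe works in an ordinary bash (so it is a valid probe).
plain_allows() { run_probe "" "$1"; }

# rbash_denies: the same probe is refused once bash is started restricted.
rbash_denies() { ! run_probe --restricted "$1"; }

# audit_rbash: walk the probe list, print one line per probe and
# return the number of probes that restricted mode failed to block.
audit_rbash() {
    failures=0
    while IFS= read -r probe; do
        [ -n "$probe" ] || continue
        if ! plain_allows "$probe"; then
            echo "SKIP  probe not usable on this host: $probe"
        elif rbash_denies "$probe"; then
            echo "OK    denied:  $probe"
        else
            echo "FAIL  allowed: $probe"
            failures=$((failures + 1))
        fi
    done <<'EOF'
cd /
PATH=/nonexistent
SHELL=/bin/sh
/bin/sh -c :
: > /dev/null
: >> /dev/null
command -p true
hash -p /bin/sh sh
set +r
EOF
    return "$failures"
}

audit_rbash
```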