> I would like to restrict the commands that a specific user can use on my Linux box.

This is generally not useful. Anyone could compile the commands (maybe on another machine) and put them on your box (except for suid binaries, of course). Linux is a stable and secure OS; you don't really need to block some programs.

What you may want to do is to enable the procfs patch (get it from www.openwall.com/linux), which prevents a user from seeing other users' processes. You should also put /tmp on a noexec and nosuid partition, and /home also nosuid. Then give each user a private tmp directory and set TMPDIR and TEMPDIR to this directory. screen (if you use it) should also be configured to use this private directory. Don't forget to apply patches as soon as they come out.

hth
Markus

-- 
_____________________________    /"\
Markus Gaugusch  ICQ 11374583    \ /    ASCII Ribbon Campaign
markus@gaugusch.dhs.org           X     Against HTML Mail
                                 / \
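
One way to verify the mount options recommended in the message above, as an added example that is not part of the original e-mail. The function names `sample_mounts`, `missing_opts` and `audit_mounts` are hypothetical, and the sample mount table is constructed for the demo.

```shell
#!/bin/sh
# Audit a /proc/mounts-format file against the advice in the message:
#   /tmp  must be mounted noexec,nosuid      /home must be mounted nosuid

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /tmp ext3 rw,nosuid 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev 0 0
EOF
}

# missing_opts FILE MOUNTPOINT "opt1 opt2"
# Prints the required options that are absent, or "not-mounted" when the
# mount point has no entry of its own (it is not a separate partition).
missing_opts() {
    awk -v mp="$2" -v need="$3" '
        $2 == mp { opts = $4; found = 1 }   # last entry wins (overmounts)
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(need, want, " ")
            split(opts, have, ",")
            for (i in have) set[have[i]] = 1
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in set)) out = out (out == "" ? "" : " ") want[i]
            print out
        }' "$1"
}

# audit_mounts [FILE]  -- returns non-zero if any requirement is unmet.
audit_mounts() {
    file=${1:-/proc/mounts}
    rc=0
    for spec in "/tmp:noexec nosuid" "/home:nosuid"; do
        mp=${spec%%:*}; need=${spec#*:}
        miss=$(missing_opts "$file" "$mp" "$need")
        if [ -n "$miss" ]; then echo "FAIL $mp: $miss"; rc=1
        else echo "ok   $mp"; fi
    done
    return $rc
}

# Demo on the constructed sample; call audit_mounts with no argument on a real host.
demo=$(mktemp) && sample_mounts > "$demo"
audit_mounts "$demo" || true
rm -f "$demo"
```

On the constructed sample this reports /tmp as missing `noexec` and /home as compliant.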