I suspect that a restricted shell isn't going to be appropriate in this case. Restricted shells are useful for avoiding shooting yourself in the foot, but they're really not intended to be secure.
You're probably right that my suggestion is only a partial solution, but using a restricted shell and chroot()ing these users to a home directory that isn't owned/writable by that UID should come pretty close to solving the Original Poster's problem.
It might also be the case that the OP might be better off not generating "normal user accounts", but using application-specific user databases (such as found in software like Cyrus) to give controlled access to a particular service.
-- -Chuck
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
