
I was provided an assignment with several questions. One of the questions is:

How to restrict users so that they can only execute the commands in the directory /bin?

I tried to solve it by using the following commands, but they did not work.

```
# useradd -s /bin/bash localuser
# usermod -s /bin/rbash localuser
# mkdir /home/localuser/programs
```

Here are the contents of /home/localuser/.bash_profile:

```
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi
# User specific environment and startup programs
PATH=$HOME/programs
export PATH
```

Then I tried:

```
[localuser@example ~]$ ls
-rbash: ls: command not found
[localuser@example ~]$ less file1
-rbash: less: command not found
[localuser@example ~]$ clear
-rbash: clear: command not found
[localuser@example ~]$ date
-rbash: date: command not found
[localuser@example ~]$ ping redhat.com
-rbash: ping: command not found

# ln -s /bin/date /home/localuser/programs/
# ln -s /bin/ls /home/localuser/programs/
# ll /home/localuser/programs/
total 8
lrwxrwxrwx 1 root root 9 Oct 17 15:53 date -> /bin/date
lrwxrwxrwx 1 root root 7 Oct 17 15:43 ls -> /bin/ls

[localuser@example ~]$ date
Mon Oct 17 15:55:45 IST 2011
[localuser@example ~]$ ls
file1 file10 file2 file3 file4 file5 file6 file7 file8 file9 programs
[localuser@example ~]$ clear
-rbash: clear: command not found

# chattr +i /home/localuser/.bash_profile
```

What would be your answer?

Roman Riabenko

1 Answer

It looks like you followed precisely either this answer or the guide it links to. But they specifically show how to restrict a user to be able to run only specific commands. In their examples, those commands were date and ls. But your question is different because you want the user to be able to run all commands from /bin, not just specific commands. So, instead of linking separate commands, you want to link the whole directory. You should be able to do it with ln.

Roman Riabenko
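The directory-level link described in the answer can be tried without creating a user. The script below is an added example, not part of the original question or answer: the throwaway home directory and the function names are assumptions made for illustration. It links `programs` to `/bin`, runs restricted bash with that as the only `PATH` entry, and lists which linked entries are themselves shells.

```bash
#!/bin/bash
# Added example (constructed sandbox): no root, no useradd, nothing under /home.
BASH_BIN=$(command -v bash || echo /bin/bash)

# Create a throwaway home whose "programs" entry is a symlink to /bin,
# i.e. the whole directory is linked instead of individual commands.
make_demo_home() {
    demo_home=$(mktemp -d) || return 1
    ln -s /bin "$demo_home/programs" || return 1
    printf '%s\n' "$demo_home"
}

# Run one command line in restricted bash with PATH=<home>/programs only.
# The exit status is that of the command line.
run_restricted() {
    rr_home=$1
    shift
    env -i HOME="$rr_home" PATH="$rr_home/programs" \
        "$BASH_BIN" --noprofile --norc -r -c "$*"
}

# Review aid: print names in directory $1 that are listed as shells in file $2
# (normally /etc/shells). A shell started from rbash is not itself restricted,
# so these entries decide whether the restriction holds.
list_shells_in() {
    [ -r "$2" ] || return 0
    grep -v '^#' "$2" | while read -r shell_path; do
        name=${shell_path##*/}
        if [ -n "$name" ] && [ -x "$1/$name" ]; then
            printf '%s\n' "$name"
        fi
    done | sort -u
}

# Demo: one allowed command, then three things rbash refuses.
demo() {
    home=$(make_demo_home) || return 1
    for cmd in 'ls /' '/usr/bin/id' 'PATH=/usr/bin' 'cd /'; do
        if run_restricted "$home" "$cmd" >/dev/null 2>&1; then
            echo "allowed: $cmd"
        else
            echo "refused: $cmd"
        fi
    done
    list_shells_in "$home/programs" /etc/shells
    rm -rf "$home"   # removes the symlink itself, not /bin
}
demo
```

Any name printed by `list_shells_in` is a reason to link individual commands, as in the question's original setup, instead of the whole directory.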