John Nemeth wrote:
> - staff accounts can do anything
> - user accounts aren't allowed access to dot files (this is for scp)
> - user accounts shouldn't be allowed access to files outside their home
>   directories, except for a configured list of directories (this is for
>   scp)
> - an alternative to the above two requirements would be to disable scp
>   access for user accounts
> - user accounts aren't allowed to run arbitrary programs (i.e. no ssh,
>   just slogin)

I think this should not be too hard to do with any ssh using
properly hacked $HOME/.ssh/config or $HOME/.ssh/rc or $HOME/.ssh/environment.

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>      http://www.ics.muni.cz/~dolecek/
@@@@  Wanna a real operating system ? Go and get NetBSD, damn!  @@@@