how about using rbash? Only does the shell part, and it is not very hard to break out of the jail, but then again, allowing shell when you think users are going to purposely try to break it isn't a good idea...