#1
shell question ?
I want to give away some free shells to my friends by ssh, but when they log in they can view my whole filesystem and can execute all commands. How can I let them view only their home dir and let them execute only the commands I want? I know you have to use chmod and stuff like that, but I don't know how this is done on real systems.
#2
This is quite a general Unix problem. The rights system is (IMHO) not detailed enough to allow complex configurations. All web hosters have this problem too... (I tricked ours today)
You need to set up one folder where you make a copy of the base system files that are required to run the programs (/bin, /sbin, /lib) and chroot() their accounts to this folder. If you want different users to be able to use different programs, you have to make a folder for each of them... You can save/share space on the partition if you use hard links instead of real files (only if they are on the same one).
__________________
-- Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more.
#3
OK, that part I get: just kind of create a virtual tree with only the things he is allowed to.
But how do you chroot that tree for that user? I have created /var/bin, /var/lib, /var/sbin and a new user test with home /var/www/test and shell /bin/sh.
#4
/var is really not the place where someone should have their home directory ... it's okay for chrooting daemons (like OpenBSD does), but not for chrooting login shells. Do it somewhere in /home.
I'm not sure how to chroot login shells anyway.
#5
I think for safely chroot()'ing a user's login, you have to chroot() the whole sshd. It has an option for that, but I never tried. Ask Mr. Google, he'll know.
#6
I looked at the man pages of chroot but don't get it. Could anyone just give me an example of one chroot command?
#7
You don't call the command yourself (though you can, chroot newrootdir, but it wouldn't be helpful here) - it's a config option somewhere, I believe. And if it's not, chrooting it would be a nontrivial task.
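
Added example (not part of the thread or written by any poster): a POSIX shell script for the tree-building step described in post #2, placing a program and the shared libraries ldd reports for it into a chroot directory, hard-linking where the partition allows and copying otherwise. The function names jail_put and jail_add and the /home/jail path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: populate a chroot tree with a program and its libraries.
# jail_put, jail_add and /home/jail are hypothetical names, not from the thread.

# Place one host file inside the jail at the same path it has on the host.
# A hard link saves space but only works on the same partition, so fall
# back to a real copy when linking fails.
jail_put() (
    jail=$1; src=$2
    # Follow symlinks (e.g. /bin -> usr/bin) so the jail gets the real file.
    real=$(readlink -f "$src") || exit 1
    dest=$jail$src
    mkdir -p "$(dirname "$dest")" || exit 1
    if [ -e "$dest" ]; then exit 0; fi        # already present
    ln "$real" "$dest" 2>/dev/null || cp "$real" "$dest"
)

# Add a program plus every shared library ldd lists for it.
# ldd can run code from the file it inspects, so use it only on trusted
# system binaries, never on files supplied by the jailed users.
jail_add() (
    jail=$1; bin=$2
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; exit 1; }
    jail_put "$jail" "$bin" || exit 1
    # Keep the first absolute path on each line; this matches both
    # "name => /path (addr)" and "/path (addr)" and skips the vdso line.
    ldd "$bin" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        while read -r lib; do
            jail_put "$jail" "$lib" || exit 1
        done
)

# Usage, as root (paths are assumptions):
#   jail_add /home/jail /bin/sh && jail_add /home/jail /bin/ls
#   chroot /home/jail /bin/sh
```

The chroot call itself needs root. OpenSSH's sshd_config has a ChrootDirectory option that can point logins at such a tree; sshd requires every component of that path to be a root-owned directory not writable by group or others.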