First, read the man page of the shell that is used by your users (for the HP-UX default shell, run "man sh-posix" and start reading).
If the commands you want to restrict are shell's internal commands, you need to change the user's shell to a special restricted version (rsh). "man sh-posix" has instructions for setting up the rsh environment: you will need to configure everything that the user is *allowed* to do.
With rsh, you must be careful to not allow the use of any tool that includes the ability to run unrestricted shell commands.
If the commands you want to restrict are available only as separate binaries (e.g. in /usr/bin), you can change their permissions to remove the execute permission from normal users. You might also want to create a group for users that *are* allowed to execute such commands, and make those commands executable by that group only.
Making basic file manipulation commands like "rm" unavailable to regular command line users is usually futile: there are many other ways to delete a file. For example, move another file to overwrite the target file, then move it back. Or if they have access to a C compiler, they could easily build their own rm command.
Your users might learn tricks like that, or they might simply dump all their work on the restricted system to the system administrator (you) because they will really hate reporting every filename mistake to someone else to be fixed. Or they might request root access to the system "because nothing can be done without it": if they can get a boss to approve that, your work to secure the system will become worthless.
What's the actual problem you're trying to solve by restricting access to some basic commands?
MK
MK
