Limited remote administration

view full story

https://bbs.archlinux.org – The only thing that come to mind right away is to use the chroot function of ssh[d] and then a crap load of hardlinks to create a bare bone "system" under that chrooted directory.  It sounds like a whole hell of a lot of work tbh. Why not just give him access to the full system in terms of readability, but only allow his "sudo-bility" to be able to issue those specific commands.  If you trust this individual with the data itself, just not the writing of the data (this I am totally not sure you are comfortable with), then I wouldn't see any harm in letting him (HowTos)