I needed a restricted shell for my shell server - the one that’s available from outside my firewall, so I wrote one. You can download it under the terms of the GNU General Public License, version 3. It allows you to define a number of commands, which are the only commands that your users will be able to run. Everything the user tries is logged through syslog.
An Ubuntu Natty package is available here, rolled together in a ZIP (the DEB is inside).
Sources are available here.