There is a tool standard for most distributions chroot. It is used for sobitvenny isolations by a heap of system software. It is everywhere and does not have to be installed.
You create a user. You create a new directory.
In it you create the main system folders. You make one of the folders (for example, /home) user, that is, you change the owner chownto this user.
Then, using links (command ln), you add to these folders everything that you want the user and programs running under him to have access to.
You start all its sessions through chroot.
Do not forget to limit the use of hdd (command group quota).
And then he can be given the opportunity to use at least a package manager, even installing his own software, the user will not spoil anything.
Classic hosting, emn.
$ man chroot

https://access.redhat.com/solutions/65822

I don't know about linux, but there is no list in chsh in fra. You can specify anything as the shell.
There is also a usermod command, which can also be used as a shell to prescribe anything. Although even a shell script. I have made a stupid terminal, purely for connecting via SSH and port forwarding inside the LAN. The following script is specified as the shell for the connecting user:
#!/bin/sh
main() {
echo
echo
echo
echo
echo
echo
echo
echo
echo "Dumb terminal enabled"
while true; do
sleep 5
done
}
# Assign noop for Ctrl+C and run main
trap true INT
main [email protected]
Accordingly, this script just spins from sleep 5 and does not allow you to exit with Ctrl-C. But in the same way, you can hang up the expectation of some input from the user in the waiting loop, followed by processing this input by case to determine whether these commands are necessary or not. If unnecessary, then send, if necessary - execute with the necessary parameters.