quite simply using a configuration file. It becomes easy to restrict user's access to a limited set of commands, chosing to allow any command over SSH (e.g. SCP,SFTP,rsync,etc.). OK'd by seb@
