Limit user to execute selective commands (Linux)

You might be going at this the wrong way. Instead of giving a user a 'restricted' bash shell, you should only give them access to the commands they would need to run as root. For example, in your sudoers file:

tomc ALL=(root) /usr/bin/vim /etc/myapp.conf
tomc ALL=(root) /usr/bin/less /var/log/myapp/*.log

Be careful with allowing users to run vim as root. Vim has a lot of features built-in, like escapes to shell and to the ability to run commands from within vim. Depending on your distribution, you might have sudoedit available. This works the same as a normal Vim, except it's designed to handle shell escapes and such.

On my Synology Diskstation running DSM 6 only admin users can ssh in consistently (non-admin users have shell as /sbin/nologin in /etc/passwd -- you can set this to /bin/sh to temporarily allow ssh, but on reboot the /etc/passwd file is reset). For this reason some kind of sudo restriction is needed for an account which otherwise exists only to execute e.g. /sbin/poweroff. The following lines in /etc/sudoers worked for me:

# Allow guestx user to remote poweroff
guestx ALL=(ALL) !ALL
guestx ALL=NOPASSWD: /sbin/poweroff

Translation: disallow all commands, then allow only the desired command (without asking for password in this case).

With this configuration sudo asks for the password and then fails for commands other than the whitelisted one:

guestx@ds:~$ sudo su -
Password: 
Sorry, user guestx is not allowed to execute '/bin/su -' as root on ds.
guestx@ds:~$