If you are using the RBASH and the user has rights for example to call vi, he has the possibility to exit the shell by vi, also a "su exampleuser" would do the job, there are also possibilities to copy /bin/sh...... In this case the only thing i wanted to restrict the user to allow him to become root. Yes i know, the pro and cons about that, i decided that connecting by ssh to a user that has NO rights except su the root user and getting root if i need to change something is a good way.
As described earlier i added (modified) a user
useradd example -m -d /home/example -s /bin/rbash
usermod -s /bin/rbash example
passwd example
Then i edited his bash-profile and set the PATH only to his homedirectory.
vi /home/example/.bash_profile
I changed the part where the path-variable is set, it looks like this now:
# set PATH so it includes user's private bin if it exists
PATH=/home/example
#if [ -d ~/bin ] ; then
# PATH=~/bin:"${PATH}"
#fi
So this user has absolutely NO rights... cool Last step is to allow him to get root. That's done by creating a script, i named it suroot in /bin that contains the text "/bin/su root", of course you have to give it 755 rights afterwards. The very last step is to crate a link from the user home to the new script.
vi /bin/suroot
chmod 755 /bin/suroot
cd /home/example
ln -s /bin/suroot
I could not find a way to escape from this jailshell, sometimes i have overseen something, if so please let me know.