Just to blog this. I'll need it in future.
If you have svn repositories server and you are using svn+ssh for the checkout and all svn actions you will want users to have access to only predefined repos only and not to any shell or anything.
I've done this by doing symlinks in their homes and using ssh file that looks like this authorized_keys:
command="svnserve -t --tunnel-user=user -r /home/user",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3Nz1...KEY HERE....
this way, you can lock them to use only svnserve and it will lock them to co only what's in their home dirs.
If you're not familiar with details - eg. how to generate keys, what is authorized_keys etc, I stole this from here: http://ingomueller.net/node/331 - read more there.
Of course you have to keep your snserve up to date and pray there are no vulns in it, otherwise users can hack you
But hey, you know the owners of the keys, don't you?
Got my pont?