This is probably a newbie question, so I apologize if this is obvious or has been previously answered. I would like to lock down my ssh so that only two commands are available: internal sftp and a script that initiates a database frontend. This is in an attempt to lock out all command-line access entirely for regular users. If I add a line to my /etc/ssh/sshd_config
ForceCommand /usr/local/bin/myscript

this works beautifully, though does not allow the users to sftp to their home directories. Likewise, the line

ForceCommand internal-sftp

allows sftp but does not permit me to run the script. Putting both lines in has the same effect as only including the first line.
I'm running RHEL 5 on the relevant server, so I'm limited to openssh 4.7. If this is impossible on 4.7 but possible on a later version, let me know.