I want to create a user for running (testing) unsafe applications (including native Linux, Java and WINE). I want to prevent those applications from accessing anything except /home/thisuser, keyboard, mouse, sound and video cards. How should I set the permissions? Lubuntu GUI didn’t even allowed me to block the network access for this user. (Disk partitions seem to work; this user can’t access USB drives and other partitions, not to mention /home/otherusers, without entering the root password. I’ve not tested Java and WINE restrictions yet, but being launched by that user, they probably must follow the restrictions).