How can I restrict program access to other users?
Here is a quick way to do it with firefox as an example:
- Create a group
webusers
- change the rights of the firefox binary to 750 (root:rwx, webusers:r-x) and the ownership to
root:webusers
- add all users who should be allowed to use firefox to the group
webusers
You can, of course, create groups for all individual programs. Here are the commands for doing it.
sudo addgroup webusers
sudo chmod 750 /usr/bin/firefox
sudo chown root:webusers /usr/bin/firefox
sudo adduser alice webusers
sudo adduser bob webusers
You might want to have a look at Pessulus and Gnome Nanny to lock down user accounts.
To lock down specific programs you can use AppArmor. There is no simple configuration to accomplish what you want, but the official Wiki has a nice article on AppArmor: https://help.ubuntu.com/community/AppArmor