Multiple accounts....

I've been doing a bit of research on this. Yes, it's possible to do this and in fact is one of the strengths of Linux. However, it is more along the level of a system admin than a casual user. Essentially, you need to set up groups for the applications you want to restrict users to and then assign only those you want to use the app to the group. I'll give you an example, but doing this for multiple apps is beyond my understanding. One of the tricks is fining the right file to modify. It's not quite a "template" approach but you set up one or more groups depending on how complicated you want this to be.

One question, though. My two kids use Ubuntu (7 and 11) and I haven't really seen anything that I think they should not use. The only exception might be internet but an all or nothing approach doesn't give them much chance to learn proper use and safety. However, you are their parent and not me so do as you feel is best. I'm only offering that I haven't found this necessary.

Okay, to do this you will first need to open up the user and group tool. It's under system - admin. Click on the manage groups button and then add a new group. For my example, this will be a group called "firefox" and we will limit the firefox program only to members of this group. If someone is not a member of this group they will not be able to use firefox. When you create the group, select yourself and root to be members but not anyone else (if that's what you want - it's just an example).

Now the best way to limit access is to open a terminal and change the group membership and permissions of firefox. I had to do a bit of research to find out what "file" to modify. Doing this to a lot of apps will require a lot more research (or someone with more knowledge :)).

The file we need to change is located in /usr/bin/firefox

In a terminal type

sudo chmod 770 /usr/bin/firefox

That will give permission to the file (which is what runs the firefox app) to the owner of it (which is root) and the members of the group (currently also root) but not to anyone else. If you stop here, no one but root will be able to run firefox.

Next, in the terminal type

sudo chown root:firefox /usr/bin/firefox

That sets the owner to root (which is what it was and should remain) and the group to members of the "firefox" group that we created earlier. You might need to log out and in for the change to take effect.

Assuming all when well, anyone who you set as a member of the "firefox" group should be able to run firefox (hopefully you left yourself and root as members). Anyone not a member of the group "firefox" will not be able to run it.

To be honest, I'm not entirely sure about the permissions we set (the 770 bit above which basically translates as full rights to owner and group and no rights to anyone else. 750 might be better. You can try that too). I was told this is correct so hopefully it is. If not, maybe someone else can correct me.

You can do the same for other apps (even assigning them to the group "firefox" although a better group name might make more sense like "nokids" or something). However, I don't know where all the files for each app reside and what their name will be. Most will be in /usr/bin/ but I can't guarantee that and there are sometimes more than one possibility (as in the case of firefox for which I found 3 possibilities).

Anyway, I hope that more or lets you know what you need to do and what's involved.

Say you have a directory containing things that are available to users in group granted but not to anyone else.

chgrp -R granted directory
chmod -R o-w,o-x,o-r directory

The 'o' is for 'other' (not 'owner'--Unix uses 'u' for user for that)
The -w -x -r means take away Write, eXecute, Read privileges from Other
The -R means recursive.

The nice thing about this method is that it allows you to leave the Group and User privileges untouched.

The numeric method sets all privileges.

Wow, I didn't know this question was still open! I've given up trying to clone one account setup for all users and just change the account owner's name - I just opened each individually, set up things one at a time and moved on. It's WAY too much of a hassle to mess with the rest of it and I don't have the time really to do it. But thanks for responding!!!!!!!!!!!!!!!!!! :)