linux user account isolation. remove /usr/bin permissions for specified user only

set default as no permissions for new files:

```bash

sudo setfacl -d -m u:untrusted:--- /usr/bin

```

remove all permissions from all files:

```bash

find /usr/bin/ -type f | while read f; do sudo setfacl -m u:untrusted:--- $f; done

```

whitelist what you need:

```bash

sudo setfacl -x u:untrusted /usr/bin/ls

```