I liked the simplicity and robustness of Ken's answer: use unix groups. > We would like to create accounts for restricted users
To be sure we understand the requirements, what precisely do you mean by "restricted users"? Do you *only* mean the following? > These users would have access to the filesystem > as appropriate, but would not be allowed to run the applications living > under /opt and /usr/local. If you only mean the above, then in the context of "primarily for data sharing purposes", what precisely do you mean by "access to the filesystem as appropriate"? Regards, Dan W.