>>101242650
>I was more inclined to just having a separate user because I thought it would simplify everything. But it seems it's not easy to open GUI apps as another user?
well i'm not aware off the top of my head an easy way to do that, at the very least it would require you to elevate (enter your password) to do so, as your normal user can't run programs as someone else for obvious reasons, so sandboxing is probably want you want
if you're interested in the way i do it, here's an example wrapper;
/usr/local/bin/teams;
#!/bin/sh
if [ ! -e $HOME/.config/teams.home ]; then
mkdir $HOME/.config/teams.home
fi
bwrap --bind / / \
--tmpfs /tmp \
--tmpfs /home \
--bind $HOME/.config/teams.home $HOME \
--ro-bind $XAUTHORITY $XAUTHORITY \
/usr/bin/teams $@
this will replace your real home with "~/.config/teams.home" (can make it whatever you like) from the perspective of teams
you can block other locations by adding more --tmpfs lines (like if you want it to not see /media for example)
also i don't know if teams' executable is "teams" or if it's in /usr/bin so be sure to adjust that if it's different
p.s. since this will provide teams with an empty home folder, it will have completely default settings, like default theme/icons/fonts/etc. if you want it to follow those settings, you will need to bind (--ro-bind) those files/folders as well (this would also apply when dealing with another user)