Segmentation of apps through VMs/Containers on Debian

Harisfromcyber: > I’m slowly moving untrusted apps to containers or VMs to limit their interaction with my documents on my personal system. If this is your only or primary objective, you certainly don’t need containers or VMs. You can simply create a new (UNIX) user, who will not have access to the home directory of your other users. I would add your main user to the group of your secondary user and modify the group permissions so that your main user does have access to the files of the secondary users (but not vice versa). This is what I do when I run coding agents, for example.