Can I restrict a user to use special programs?

view full story

http://unix.stackexchange.com – Is it possible to add a user and restrict him to run special programs? For example after this user logs in, he can only open Firefox to use Internet and no other programs can be run by this user. For example in a terminal, commands will not be accessible when you delete some environment variables like $HOME. But is it possible to avoid running programs in a graphical shell, like Gnome? If yes, how? (HowTos)