In that case, it seems to be a good idea to setup a linux installation yourself for the user and not give them sudo (or root password) and then make a service allowing them to use the app store and updating their system without requiring root privileges, but not letting them add a repository.
In that case, it seems to be a good idea to setup a linux installation yourself for the user and not give them sudo (or root password) and then make a service allowing them to use the app store and updating their system without requiring root privileges, but not letting them add a repository.