Subuser turns a Docker container into a normal program. This program, however, runs with restricted privileges. It can only access the directory from which it was called, not the user's entire home directory. Each subuser is assigned a specific set of permissions.