Users and Groups (userradd and groupadd or you can just directly modify the /etc/group and /etc/passwd files if you know what you're doing):
- Add all created users to main group that is reflected in ownership of directories in PUBLIC ('www-data' on a bluering, but I don't know for whitelight)
- Create a new group for privileged access
- Add all users EXCEPT this user to the new group
- Change ownership (chown) on directories under PUBLIC share (except the one you want left open) to be owned by the new group
- Change permissions on all the same directories to have no 'other' user access (770)
Now all users can access the open directory, and this particular user can only access the open directory.