Restricting environment apis when running a program

Hello everyone!
My problem is, while working on an operating system for a server, I decided that I want to restrict the players, because when the players are NOT restricted, they start to create viruses and cause damage to the players and the server.
The way I think is the best to restrict them, is not let them use the default api, but instead use api of my own, similar to the original api loaded with the computer, but a bit more restricted.

So, my first approach was to use the os.run() function, from the OS API, to give the players certain enviroment apis to work with. But than I found out that the os.run() only allows you to add functions to the enviroment, not restrict.
Well, you can restrict, but only by doing the following:

env = {['textutils'] = test}
os.run(env, 'path/to/my/program')

Which replaces the normal textutils api with my own 'test' api. (Thanks to zwap1233 for the idea from this topic:
http://www.computercraft.info/forums2/index.php?/topic/4651-luaquestion-how-does-osrun-work/)

What I need is a way to start from fresh: no apis. Or, restric certain apis instead of replacing each one with my own (Not a problem, but I dont think its the "best practice").

Thanks everyone.
(English is not my first language, sorry for anything spelled incorrectly :P/> ).

just do

os.loadAPI(nameofstandartAPI)

The file contains local back ups, because you don't want it referencing itself and the modified API. Don't bother overwritting Lua only APIs, these are easily gotten back. Rather overwrite stuff like FS and redstone.

Well you could setup a restricted enviroment using setfenv, you can find some examples here: http://stackoverflow.com/questions/1224708/how-can-i-create-a-secure-lua-sandbox
This would ofcourse be best if you included a custom startup file in a resourcepack on your server, so that it can't be modified, because it will be in your ROM directory.