I am not sure what your goal is in trying to restrict the ip addresses that a user can access. My first guess is that you can't for individual users without affecting many users.
If you are asking how to limit a user only to one file or one directory on a box, that would take a great deal of management on your part.
I am not sure you could limit them to one script or file or even one directory without affecting many other users at the same time.
If you allow them on the box, they will be able to go to any directory that has "read" access on the directory for world or group if they have the same group as the directory has.
If you are having that much difficulty with a user or users, you need to have a long talk with their boss or do as LivinFree suggests and kick them off your box until they learn to play well with others.
Unix requires a certain level of trust from users who have access to it on your box. You can't allow a user on your box and then clamp down on their access to the box.
That would be like closing the barn door after the horse is already outside, it doesn't work.